mirror of https://github.com/MISP/misp-docker
Merge pull request #70 from cybermaggedon/bionic
Update to Ubuntu Bionic
commit
7c10e68017
240
web/Dockerfile
240
web/Dockerfile
|
@ -1,48 +1,48 @@
|
|||
#
|
||||
# Dockerfile to build a MISP (https://github.com/MISP/MISP) container
|
||||
#
|
||||
# Original docker file by eg5846 (https://github.com/eg5846)
|
||||
#
|
||||
# 2016/03/03 - First release
|
||||
# 2017/06/02 - Updated
|
||||
# 2018/04/04 - Added objects templates
|
||||
#
|
||||
|
||||
# We are based on Ubuntu:latest
|
||||
FROM ubuntu:xenial
|
||||
MAINTAINER Xavier Mertens <xavier@rootshell.be>
|
||||
FROM ubuntu:bionic
|
||||
|
||||
# Install core components
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean
|
||||
RUN apt-get install -y software-properties-common
|
||||
RUN apt-get install -y postfix
|
||||
RUN apt-get install -y mysql-client curl gcc git gnupg-agent make python openssl redis-server sudo vim zip locales
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean && \
|
||||
apt-get install -y software-properties-common && \
|
||||
apt-get install -y postfix && \
|
||||
apt-get install -y mysql-client curl gcc git gnupg-agent \
|
||||
make python openssl redis-server sudo vim zip locales
|
||||
|
||||
RUN locale-gen en_US.UTF-8
|
||||
ENV LANG en_US.UTF-8
|
||||
RUN add-apt-repository -y ppa:ondrej/php && apt-get update
|
||||
|
||||
# Apache
|
||||
RUN apt-get install -y apache2 apache2-doc apache2-utils
|
||||
RUN a2dismod status
|
||||
RUN a2dissite 000-default
|
||||
RUN apt-get install -y apache2 apache2-doc apache2-utils && \
|
||||
a2dismod status && \
|
||||
a2dissite 000-default
|
||||
|
||||
# PHP 7.2
|
||||
RUN apt-get install -y libapache2-mod-php php7.2 php7.2-cli php-crypt-gpg php7.2-dev php7.2-json php7.2-mysql php7.2-opcache php7.2-readline php7.2-redis php7.2-xml
|
||||
RUN apt-get install -y php-pear pkg-config libbson-1.0 libmongoc-1.0-0 php-xml php-dev php-gd
|
||||
# install MySQL PDO extension
|
||||
RUN apt-get install -y php-mysql
|
||||
# PHP 7.2 and install MySQL PDO extension
|
||||
RUN apt-get install -y libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-dev \
|
||||
php7.2-json php7.2-mysql php7.2-opcache php7.2-readline php7.2-redis \
|
||||
php7.2-xml && \
|
||||
apt-get install -y php-pear pkg-config libbson-1.0 libmongoc-1.0-0 \
|
||||
php7.2-xml php7.2-dev php7.2-gd && \
|
||||
apt-get install -y php7.2-mysql && \
|
||||
apt-get install -y php7.2-mbstring
|
||||
|
||||
# Fix php.ini with recommended settings
|
||||
RUN sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/php/7.2/apache2/php.ini
|
||||
RUN sed -i "s/memory_limit = 128M/memory_limit = 2048M/" /etc/php/7.2/apache2/php.ini
|
||||
RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/php/7.2/apache2/php.ini
|
||||
RUN sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/php/7.2/apache2/php.ini
|
||||
RUN sed -i "s/max_execution_time = 30/max_execution_time = 300/" \
|
||||
/etc/php/7.2/apache2/php.ini && \
|
||||
sed -i "s/memory_limit = 128M/memory_limit = 2048M/" \
|
||||
/etc/php/7.2/apache2/php.ini && \
|
||||
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" \
|
||||
/etc/php/7.2/apache2/php.ini && \
|
||||
sed -i "s/post_max_size = 8M/post_max_size = 50M/" \
|
||||
/etc/php/7.2/apache2/php.ini
|
||||
|
||||
RUN apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools libfuzzy-dev python-lxml python3-lxml
|
||||
RUN apt-get install -y cron logrotate supervisor syslog-ng-core
|
||||
RUN apt-get clean
|
||||
RUN apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev \
|
||||
zlib1g-dev python-setuptools libfuzzy-dev python-lxml python3-lxml && \
|
||||
apt-get install -y cron logrotate supervisor syslog-ng-core && \
|
||||
apt-get clean
|
||||
|
||||
# update setuptools because otherwise you'' get python errors
|
||||
RUN pip install --upgrade setuptools
|
||||
|
@ -52,15 +52,14 @@ RUN chown www-data:www-data /var/www
|
|||
USER www-data
|
||||
RUN git clone https://github.com/MISP/MISP.git
|
||||
WORKDIR /var/www/MISP
|
||||
RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
RUN git config core.filemode false
|
||||
RUN git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
RUN git submodule foreach --recursive git config core.filemode false
|
||||
RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) && \
|
||||
git config core.filemode false && \
|
||||
git submodule update --init --recursive && \
|
||||
git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
WORKDIR /var/www/MISP/app/files/scripts
|
||||
RUN git clone https://github.com/CybOXProject/python-cybox.git
|
||||
RUN git clone https://github.com/STIXProject/python-stix.git
|
||||
RUN git clone https://github.com/CybOXProject/python-cybox.git && \
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
|
||||
WORKDIR /var/www/MISP/app/files/scripts/python-cybox
|
||||
RUN git checkout v2.1.0.12
|
||||
|
@ -75,20 +74,19 @@ RUN python setup.py install
|
|||
|
||||
USER www-data
|
||||
WORKDIR /var/www/MISP
|
||||
RUN git submodule init
|
||||
RUN git submodule update
|
||||
RUN git submodule init && git submodule update
|
||||
WORKDIR /var/www/MISP/app
|
||||
|
||||
# FIX COMPOSER
|
||||
RUN curl --fail --location -o composer-setup.php https://getcomposer.org/installer
|
||||
RUN EXPECTED_SIGNATURE="$(curl https://composer.github.io/installer.sig)"; php -r "if (hash_file('sha384', 'composer-setup.php') == '$(echo $EXPECTED_SIGNATURE)' ) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
RUN php composer-setup.php
|
||||
RUN php -r "unlink('composer-setup.php');"
|
||||
RUN curl --fail --location -o composer-setup.php https://getcomposer.org/installer && \
|
||||
EXPECTED_SIGNATURE="$(curl https://composer.github.io/installer.sig)"; php -r "if (hash_file('sha384', 'composer-setup.php') == '$(echo $EXPECTED_SIGNATURE)' ) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
|
||||
php composer-setup.php && \
|
||||
php -r "unlink('composer-setup.php');"
|
||||
# END FIX
|
||||
|
||||
RUN php composer.phar update
|
||||
RUN php composer.phar config vendor-dir Vendor
|
||||
RUN php composer.phar install --ignore-platform-reqs
|
||||
RUN php composer.phar update && \
|
||||
php composer.phar config vendor-dir Vendor && \
|
||||
php composer.phar install --ignore-platform-reqs
|
||||
USER root
|
||||
RUN phpenmod redis
|
||||
USER www-data
|
||||
|
@ -96,115 +94,119 @@ RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeR
|
|||
|
||||
# Fix permissions
|
||||
USER root
|
||||
RUN chown -R www-data:www-data /var/www/MISP
|
||||
RUN chmod -R 750 /var/www/MISP
|
||||
RUN chmod -R g+ws /var/www/MISP/app/tmp
|
||||
RUN chmod -R g+ws /var/www/MISP/app/files
|
||||
RUN chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
RUN chmod +x /var/www/MISP/app/Console/cake
|
||||
RUN chown -R www-data:www-data /var/www/MISP && \
|
||||
chmod -R 750 /var/www/MISP && \
|
||||
chmod -R g+ws /var/www/MISP/app/tmp && \
|
||||
chmod -R g+ws /var/www/MISP/app/files && \
|
||||
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp && \
|
||||
chmod +x /var/www/MISP/app/Console/cake
|
||||
|
||||
RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
# Preconfigure setting for packages
|
||||
RUN echo "postfix postfix/main_mailer_type string Local only" | debconf-set-selections
|
||||
RUN echo "postfix postfix/mailname string localhost.localdomain" | debconf-set-selections
|
||||
RUN echo "postfix postfix/main_mailer_type string Local only" \
|
||||
| debconf-set-selections && \
|
||||
echo "postfix postfix/mailname string localhost.localdomain" | \
|
||||
debconf-set-selections
|
||||
|
||||
# Redis Setup
|
||||
RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf
|
||||
|
||||
# Apache Setup
|
||||
RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
|
||||
RUN a2dissite 000-default
|
||||
RUN a2ensite misp
|
||||
RUN a2enmod rewrite
|
||||
RUN a2enmod headers
|
||||
RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf && \
|
||||
a2dissite 000-default && \
|
||||
a2ensite misp && \
|
||||
a2enmod rewrite && \
|
||||
a2enmod headers
|
||||
|
||||
# MISP base configuration
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||
RUN chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
RUN chmod -R 750 /var/www/MISP/app/Config
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php && \
|
||||
chown -R www-data:www-data /var/www/MISP/app/Config && \
|
||||
chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Replace the default salt
|
||||
RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Enable workers at boot time
|
||||
RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh
|
||||
RUN echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local
|
||||
RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh && \
|
||||
echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local
|
||||
|
||||
# Install templates & stuff
|
||||
WORKDIR /var/www/MISP/app/files
|
||||
RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git
|
||||
RUN rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git
|
||||
RUN rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists
|
||||
RUN rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies
|
||||
RUN chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies
|
||||
RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git && \
|
||||
rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git && \
|
||||
rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists && \
|
||||
rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies && \
|
||||
chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies
|
||||
|
||||
# Install MISP build requirements
|
||||
RUN sudo -E apt-get -y install libpoppler58 libpoppler-dev libpoppler-cpp-dev
|
||||
RUN sudo -E apt-get -y install libpoppler73 libpoppler-dev libpoppler-cpp-dev
|
||||
|
||||
# Install MISP Modules
|
||||
WORKDIR /opt
|
||||
RUN apt-get install -y python3 python3-pip libjpeg-dev
|
||||
# PIP3 fix
|
||||
RUN pip install --upgrade pip
|
||||
RUN pip3 install --upgrade pip
|
||||
# END FIX
|
||||
RUN git clone https://github.com/MISP/misp-modules.git
|
||||
WORKDIR /opt/misp-modules
|
||||
RUN pip3 install --upgrade pip
|
||||
RUN cat REQUIREMENTS | sed 's/aiohttp==3.4.4/aiohttp/g' > REQUIREMENTS
|
||||
RUN pip3 install --upgrade --ignore-installed urllib3
|
||||
RUN pip3 install --upgrade --ignore-installed requests
|
||||
RUN pip3 install --upgrade pip && \
|
||||
cat REQUIREMENTS | sed 's/aiohttp==3.4.4/aiohttp/g' > REQUIREMENTS && \
|
||||
pip3 install --upgrade --ignore-installed urllib3 && \
|
||||
pip3 install --upgrade --ignore-installed requests
|
||||
|
||||
RUN sed -i 's/aiohttp.*/aiohttp/g' REQUIREMENTS
|
||||
RUN sed -i 's/functools.*//g' REQUIREMENTS
|
||||
RUN sed -i 's/async-timeout.*/async-timeout/g' REQUIREMENTS
|
||||
RUN sed -i 's/url-normalize.*/url-normalize/g' REQUIREMENTS
|
||||
RUN sed -i 's/^\(yarl\)\=.*/\1/g' REQUIREMENTS
|
||||
RUN sed -i 's/^\(sigmatools\)\=.*/\1/' REQUIREMENTS
|
||||
RUN pip3 install -I -r REQUIREMENTS
|
||||
RUN pip3 install -I .
|
||||
RUN echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
|
||||
RUN sed -i 's/aiohttp.*/aiohttp/g' REQUIREMENTS && \
|
||||
sed -i 's/functools.*//g' REQUIREMENTS && \
|
||||
sed -i 's/async-timeout.*/async-timeout/g' REQUIREMENTS && \
|
||||
sed -i 's/url-normalize.*/url-normalize/g' REQUIREMENTS && \
|
||||
sed -i 's/^\(yarl\)\=.*/\1/g' REQUIREMENTS && \
|
||||
sed -i 's/^\(sigmatools\)\=.*/\1/' REQUIREMENTS && \
|
||||
pip3 install -I -r REQUIREMENTS && \
|
||||
pip3 install -I . && \
|
||||
echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
|
||||
|
||||
# Supervisord Setup
|
||||
RUN echo '[supervisord]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'nodaemon = true' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '[program:postfix]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'process_name = master' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'directory = /etc/postfix' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'command = /usr/sbin/postfix -c /etc/postfix start' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '[program:redis-server]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'command=redis-server /etc/redis/redis.conf' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '[program:apache2]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '[program:resque]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'user = www-data' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo '[program:misp-modules]' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'command=/bin/bash -c "misp-modules -s -l 127.0.0.1"' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'user = www-data' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN ( \
|
||||
echo '[supervisord]'; \
|
||||
echo 'nodaemon = true'; \
|
||||
echo ''; \
|
||||
echo '[program:postfix]'; \
|
||||
echo 'process_name = master'; \
|
||||
echo 'directory = /etc/postfix'; \
|
||||
echo 'command = /usr/sbin/postfix -c /etc/postfix start'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
echo ''; \
|
||||
echo '[program:redis-server]'; \
|
||||
echo 'command=redis-server /etc/redis/redis.conf'; \
|
||||
echo ''; \
|
||||
echo '[program:apache2]'; \
|
||||
echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"'; \
|
||||
echo ''; \
|
||||
echo '[program:resque]'; \
|
||||
echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh'; \
|
||||
echo 'user = www-data'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
echo ''; \
|
||||
echo '[program:misp-modules]'; \
|
||||
echo 'command=/bin/bash -c "misp-modules -s -l 127.0.0.1"'; \
|
||||
echo 'user = www-data'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
) >> /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# Modify syslog configuration
|
||||
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
|
||||
|
||||
# Add run script
|
||||
ADD run.sh /run.sh
|
||||
RUN chmod 0755 /run.sh
|
||||
|
||||
# Trigger to perform first boot operations
|
||||
RUN touch /.firstboot.tmp
|
||||
ADD run.sh /run.sh
|
||||
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
||||
|
||||
|
||||
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
||||
WORKDIR /var/www/MISP
|
||||
|
|
Loading…
Reference in New Issue