Merge pull request #93 from stevengoossensB/revert-79-master
Revert "Create the database"
commit
9038d50eda
|
@ -14,7 +14,7 @@ services:
|
|||
web:
|
||||
build: web
|
||||
container_name: misp_web
|
||||
image: stevengoossens/misp:latest
|
||||
image: misp:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /dev/urandom:/dev/random
|
||||
|
|
|
@ -15,7 +15,7 @@ server {
|
|||
|
||||
location / {
|
||||
include /etc/nginx/includes/proxy.conf;
|
||||
proxy_pass http://misp_web;
|
||||
proxy_pass http://web;
|
||||
}
|
||||
|
||||
access_log off;
|
||||
|
|
196
web/Dockerfile
196
web/Dockerfile
|
@ -1,16 +1,192 @@
|
|||
|
||||
FROM ubuntu:focal
|
||||
FROM ubuntu:bionic
|
||||
|
||||
# Install core components
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt update -y && apt install wget sudo -y
|
||||
# This will install MISP Core
|
||||
RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
|
||||
RUN sed -i 's/> \/dev\/tty//' /tmp/INSTALL.sh
|
||||
RUN sed -i 's/> \/dev\/null//' /tmp/INSTALL.sh
|
||||
RUN sed -i 's/checkInstaller$/#checkInstaller/' /tmp/INSTALL.sh
|
||||
RUN bash /tmp/INSTALL.sh -c
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean && \
|
||||
apt-get install -y software-properties-common && \
|
||||
apt-get install -y postfix && \
|
||||
apt-get install -y mysql-client curl gcc git gnupg-agent \
|
||||
make python openssl redis-server sudo vim zip locales
|
||||
|
||||
RUN locale-gen en_US.UTF-8
|
||||
ENV LANG en_US.UTF-8
|
||||
|
||||
# Apache
|
||||
RUN apt-get install -y apache2 apache2-doc apache2-utils && \
|
||||
a2dismod status && \
|
||||
a2dissite 000-default
|
||||
|
||||
# PHP 7.2 and install MySQL PDO extension
|
||||
RUN apt-get install -y libapache2-mod-php php php-dev php-json \
|
||||
php-mysql php-redis php-xml php-mbstring \
|
||||
php-gd php-pear php-opcache \
|
||||
pkg-config libbson-1.0 libmongoc-1.0-0
|
||||
|
||||
# Fix php.ini with recommended settings
|
||||
RUN sed -i \
|
||||
-e "s/max_execution_time = 30/max_execution_time = 300/" \
|
||||
-e "s/memory_limit = 128M/memory_limit = 2048M/" \
|
||||
-e "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" \
|
||||
-e "s/post_max_size = 8M/post_max_size = 50M/" \
|
||||
/etc/php/7.2/apache2/php.ini
|
||||
|
||||
RUN apt-get install -y python3-dev python3-pip python3-setuptools \
|
||||
python3-lxml libjpeg-dev \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev libfuzzy-dev && \
|
||||
apt-get install -y cron logrotate supervisor syslog-ng-core && \
|
||||
apt-get clean
|
||||
|
||||
WORKDIR /var/www
|
||||
RUN chown www-data:www-data /var/www
|
||||
USER www-data
|
||||
RUN git clone https://github.com/MISP/MISP.git
|
||||
WORKDIR /var/www/MISP
|
||||
RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) && \
|
||||
git config core.filemode false && \
|
||||
git submodule update --init --recursive && \
|
||||
git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
USER root
|
||||
RUN pip3 install --upgrade pip
|
||||
RUN pip3 install git+https://github.com/STIXProject/python-stix.git \
|
||||
git+https://github.com/CybOXProject/python-cybox.git \
|
||||
git+https://github.com/CybOXProject/mixbox.git \
|
||||
git+https://github.com/MAECProject/python-maec.git \
|
||||
/var/www/MISP/cti-python-stix2 \
|
||||
plyara
|
||||
|
||||
USER www-data
|
||||
WORKDIR /var/www/MISP
|
||||
RUN git submodule init && git submodule update
|
||||
WORKDIR /var/www/MISP/app
|
||||
|
||||
# FIX COMPOSER
|
||||
RUN curl --fail --location -o composer-setup.php https://getcomposer.org/installer && \
|
||||
EXPECTED_SIGNATURE="$(curl https://composer.github.io/installer.sig)"; php -r "if (hash_file('sha384', 'composer-setup.php') == '$(echo $EXPECTED_SIGNATURE)' ) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
|
||||
php composer-setup.php && \
|
||||
php -r "unlink('composer-setup.php');"
|
||||
# END FIX
|
||||
|
||||
RUN php composer.phar update && \
|
||||
php composer.phar config vendor-dir Vendor && \
|
||||
php composer.phar install --ignore-platform-reqs
|
||||
USER root
|
||||
RUN phpenmod redis
|
||||
USER www-data
|
||||
RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# Fix permissions
|
||||
USER root
|
||||
RUN chown -R www-data:www-data /var/www/MISP && \
|
||||
chmod -R 750 /var/www/MISP && \
|
||||
chmod -R g+ws /var/www/MISP/app/tmp && \
|
||||
chmod -R g+ws /var/www/MISP/app/files && \
|
||||
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp && \
|
||||
chmod +x /var/www/MISP/app/Console/cake
|
||||
|
||||
RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
# Preconfigure setting for packages
|
||||
RUN echo "postfix postfix/main_mailer_type string Local only" \
|
||||
| debconf-set-selections && \
|
||||
echo "postfix postfix/mailname string localhost.localdomain" | \
|
||||
debconf-set-selections
|
||||
|
||||
# Redis Setup
|
||||
RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf
|
||||
RUN sed -i 's/^\(bind\s*\)127.0.0.1 ::1\s*$/\1127.0.0.1/g' /etc/redis/redis.conf
|
||||
|
||||
# Add a healthcheck endpoint
|
||||
COPY healthcheck.patch healthcheck.patch
|
||||
RUN patch /var/www/MISP/INSTALL/apache.misp.ubuntu < healthcheck.patch
|
||||
|
||||
# Apache Setup
|
||||
RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf && \
|
||||
a2dissite 000-default && \
|
||||
a2ensite misp && \
|
||||
a2enmod rewrite && \
|
||||
a2enmod headers
|
||||
|
||||
# MISP base configuration
|
||||
RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php && \
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php && \
|
||||
chown -R www-data:www-data /var/www/MISP/app/Config && \
|
||||
chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Replace the default salt
|
||||
RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Enable workers at boot time
|
||||
RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh && \
|
||||
echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local
|
||||
|
||||
# Install templates & stuff
|
||||
WORKDIR /var/www/MISP/app/files
|
||||
RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git && \
|
||||
rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git && \
|
||||
rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists && \
|
||||
rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies && \
|
||||
chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies
|
||||
|
||||
# Install MISP build requirements
|
||||
RUN sudo -E apt-get -y install libpoppler73 libpoppler-dev libpoppler-cpp-dev
|
||||
|
||||
# Install MISP Modules
|
||||
WORKDIR /opt
|
||||
RUN git clone https://github.com/MISP/misp-modules.git
|
||||
RUN cd misp-modules && \
|
||||
pip3 install -I -r REQUIREMENTS && \
|
||||
pip3 install -I . && \
|
||||
echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
|
||||
|
||||
# Supervisord Setup
|
||||
RUN ( \
|
||||
echo '[supervisord]'; \
|
||||
echo 'nodaemon = true'; \
|
||||
echo ''; \
|
||||
echo '[program:postfix]'; \
|
||||
echo 'process_name = master'; \
|
||||
echo 'directory = /etc/postfix'; \
|
||||
echo 'command = /usr/sbin/postfix -c /etc/postfix start'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
echo ''; \
|
||||
echo '[program:redis-server]'; \
|
||||
echo 'command=redis-server /etc/redis/redis.conf'; \
|
||||
echo ''; \
|
||||
echo '[program:apache2]'; \
|
||||
echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"'; \
|
||||
echo ''; \
|
||||
echo '[program:resque]'; \
|
||||
echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh'; \
|
||||
echo 'user = www-data'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
echo ''; \
|
||||
echo '[program:misp-modules]'; \
|
||||
echo 'command=/bin/bash -c "misp-modules -s -l 127.0.0.1"'; \
|
||||
echo 'user = www-data'; \
|
||||
echo 'startsecs = 0'; \
|
||||
echo 'autorestart = false'; \
|
||||
) >> /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# Modify syslog configuration
|
||||
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
|
||||
|
||||
# Add run script
|
||||
# Trigger to perform first boot operations
|
||||
ADD run.sh /run.sh
|
||||
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
||||
|
||||
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
||||
WORKDIR /var/www/MISP
|
||||
RUN tar czpf /root/MISP.tgz .
|
||||
|
||||
VOLUME /var/www/MISP
|
||||
EXPOSE 80 443
|
||||
|
||||
EXPOSE 80
|
||||
ENTRYPOINT ["/run.sh"]
|
||||
|
|
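Review bot: Assuming the long bionic-based file is the new side (as the `@ -1,16 +1,192` header suggests), the salt rewrite `RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '...openssl rand -base64 32...'/" /var/www/MISP/app/Config/config.php` generates the secret at build time, so every container started from the image shares one salt and the value is recoverable from the image layer and from the `/root/MISP.tgz` archive taken later; moving that line into the first-boot block of run.sh (after the config files are restored) gives each instance its own salt and keeps it out of the image. The composer verification on the `EXPECTED_SIGNATURE` line only echoes 'Installer corrupt' on mismatch and relies on the following `php composer-setup.php` failing because the file was unlinked, so an explicit `exit(1);` in the else branch (and `curl -fsS` for the signature fetch) would make the failure deliberate rather than incidental. `ADD run.sh /run.sh` should be `COPY run.sh /run.sh`, and the `git clone` of MISP, misp-modules and the four template repositories plus the `pip3 install git+...` lines are all unpinned, so two builds of the same Dockerfile can produce different images. The final stage also ends with `USER root` active, so `/run.sh` and everything supervisord starts inherit root unless the script drops privileges itself.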
141
web/run.sh
141
web/run.sh
|
@ -1,12 +1,146 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# MISP docker startup script
|
||||
# Steven Goossens - steven@teamg.be
|
||||
# Xavier Mertens <xavier@rootshell.be>
|
||||
#
|
||||
# 2017/05/17 - Created
|
||||
# 2017/05/31 - Fixed small errors
|
||||
# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal)
|
||||
#
|
||||
|
||||
set -e
|
||||
git pull /var/www/MISP
|
||||
|
||||
# Make MISP live
|
||||
if [ -r /.firstboot.tmp ]; then
|
||||
echo "Container started for the fist time. Setup might time a few minutes. Please wait..."
|
||||
echo "(Details are logged in /tmp/install.log)"
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# If the user uses a mount point restore our files
|
||||
if [ ! -d /var/www/MISP/app ]; then
|
||||
echo "Restoring MISP files..."
|
||||
cd /var/www/MISP
|
||||
tar xzpf /root/MISP.tgz
|
||||
rm /root/MISP.tgz
|
||||
fi
|
||||
|
||||
echo "Configuring postfix"
|
||||
if [ -z "$POSTFIX_RELAY_HOST" ]; then
|
||||
echo "POSTFIX_RELAY_HOST is not set, please configure Postfix manually later..."
|
||||
else
|
||||
postconf -e "relayhost = $POSTFIX_RELAY"
|
||||
fi
|
||||
|
||||
# Fix timezone (adapt to your local zone)
|
||||
if [ -z "$TIMEZONE" ]; then
|
||||
echo "TIMEZONE is not set, please configure the local time zone manually later..."
|
||||
else
|
||||
echo "$TIMEZONE" > /etc/timezone
|
||||
dpkg-reconfigure -f noninteractive tzdata >>/tmp/install.log
|
||||
fi
|
||||
|
||||
echo "Creating MySQL database"
|
||||
|
||||
# Check MYSQL_HOST
|
||||
if [ -z "$MYSQL_HOST" ]; then
|
||||
echo "MYSQL_HOST is not set. Aborting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Waiting for DB to be ready
|
||||
while ! mysqladmin ping -h"$MYSQL_HOST" --silent; do
|
||||
sleep 5
|
||||
echo "Waiting for database to be ready..."
|
||||
done
|
||||
|
||||
# Set MYSQL_PASSWORD
|
||||
if [ -z "$MYSQL_PASSWORD" ]; then
|
||||
echo "MYSQL_PASSWORD is not set, use default value 'misp'"
|
||||
MYSQL_PASSWORD=misp
|
||||
else
|
||||
echo "MYSQL_PASSWORD is set to '$MYSQL_PASSWORD'"
|
||||
fi
|
||||
|
||||
ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 $MYSQL_DATABASE # 2>&1`
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Connected to database successfully!"
|
||||
found=0
|
||||
for table in $ret; do
|
||||
if [ "$table" == "attributes" ]; then
|
||||
found=1
|
||||
fi
|
||||
done
|
||||
if [ $found -eq 1 ]; then
|
||||
echo "Database misp available"
|
||||
else
|
||||
echo "Database misp empty, creating tables ..."
|
||||
ret=`mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" $MYSQL_DATABASE -h $MYSQL_HOST -P 3306 2>&1 < /var/www/MISP/INSTALL/MYSQL.sql`
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Imported /var/www/MISP/INSTALL/MYSQL.sql successfully"
|
||||
else
|
||||
echo "ERROR: Importing /var/www/MISP/INSTALL/MYSQL.sql failed:"
|
||||
echo $ret
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "ERROR: Connecting to database failed:"
|
||||
echo $ret
|
||||
fi
|
||||
|
||||
# MISP configuration
|
||||
echo "Creating MISP configuration files"
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a database.default.php database.php
|
||||
sed -i "s/localhost/$MYSQL_HOST/" database.php
|
||||
sed -i "s/db\s*login/$MYSQL_USER/" database.php
|
||||
sed -i "s/8889/3306/" database.php
|
||||
sed -i "s/db\s*password/$MYSQL_PASSWORD/" database.php
|
||||
|
||||
# Fix the base url
|
||||
if [ -z "$MISP_BASEURL" ]; then
|
||||
echo "No base URL defined, don't forget to define it manually!"
|
||||
else
|
||||
echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
|
||||
sed -i "s/'baseurl' => '',/'baseurl' => '$MISP_BASEURL',/g" /var/www/MISP/app/Config/config.php
|
||||
fi
|
||||
|
||||
# Generate the admin user PGP key
|
||||
echo "Creating admin GnuPG key"
|
||||
if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
|
||||
echo "No admin details provided, don't forget to generate the PGP key manually!"
|
||||
else
|
||||
echo "Generating admin PGP key ... (please be patient, we need some entropy)"
|
||||
cat >/tmp/gpg.tmp <<GPGEOF
|
||||
%echo Generating a basic OpenPGP key
|
||||
Key-Type: RSA
|
||||
Key-Length: 2048
|
||||
Name-Real: MISP Admin
|
||||
Name-Email: $MISP_ADMIN_EMAIL
|
||||
Expire-Date: 0
|
||||
Passphrase: $MISP_ADMIN_PASSPHRASE
|
||||
%commit
|
||||
%echo Done
|
||||
GPGEOF
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key --batch /tmp/gpg.tmp >>/tmp/install.log
|
||||
rm -f /tmp/gpg.tmp
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_ADMIN_EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
fi
|
||||
|
||||
# Display tips
|
||||
cat <<__WELCOME__
|
||||
Congratulations!
|
||||
Your MISP docker has been successfully booted for the first time.
|
||||
Don't forget:
|
||||
- Reconfigure postfix to match your environment
|
||||
- Change the MISP admin email address to $MISP_ADMIN_EMAIL
|
||||
|
||||
__WELCOME__
|
||||
rm -f /.firstboot.tmp
|
||||
fi
|
||||
|
||||
# Make MISP live - this isn't ideal, as it means taking an instance
|
||||
# non-live will make it live again if the container restarts. That seems
|
||||
# better than the default which is that MISP is non-live on container restart.
|
||||
# Ideally live/non-live would be persisted in the database.
|
||||
/var/www/MISP/app/Console/cake live 1
|
||||
chown www-data:www-data /var/www/MISP/app/Config/config.php*
|
||||
|
||||
|
@ -14,3 +148,4 @@ chown www-data:www-data /var/www/MISP/app/Config/config.php*
|
|||
echo "Starting supervisord"
|
||||
cd /
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
|
|
|
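Review bot: Assuming the long script is the new side (as the `@ -1,12 +1,146` header suggests), `echo "MYSQL_PASSWORD is set to '$MYSQL_PASSWORD'"` prints the database password to the container's stdout, where it lands in `docker logs` and any log collector; `echo "MYSQL_PASSWORD is set"` tells the operator the same thing without the value. The postfix branch tests `$POSTFIX_RELAY_HOST` but then runs `postconf -e "relayhost = $POSTFIX_RELAY"`, so the relay host is never applied; it should read `postconf -e "relayhost = $POSTFIX_RELAY_HOST"`. Because the script runs under `set -e`, the two `ret=` assignments that capture mysql output abort the script when mysql fails, before the `if [ $? -eq 0 ]` tests run, so the "Connecting to database failed" and "Importing ... failed" branches are unreachable as written. The unescaped `$MYSQL_PASSWORD` in `sed -i "s/db\s*password/$MYSQL_PASSWORD/" database.php` will also corrupt database.php for passwords containing `/` or `&`.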
@ -1,16 +0,0 @@
|
|||
# This is ssh server systemwide configuration file.
|
||||
#
|
||||
# /etc/sshd_config
|
||||
|
||||
Port 2222
|
||||
ListenAddress 0.0.0.0
|
||||
LoginGraceTime 180
|
||||
X11Forwarding yes
|
||||
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
|
||||
MACs hmac-sha1,hmac-sha1-96
|
||||
StrictModes yes
|
||||
SyslogFacility DAEMON
|
||||
PasswordAuthentication yes
|
||||
PermitEmptyPasswords no
|
||||
PermitRootLogin yes
|
||||
Subsystem sftp internal-sftp
|