MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Initial Bullseye work

pull/1/head
Jason Kendall 2022-01-05 12:25:27 -05:00
parent 1aecb1fbdf
commit cec3f31b9d
7 changed files with 27 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env
View File

@ -1,3 +1,3 @@
MISP_TAG=v2.4.152 MISP_TAG=v2.4.152
MODULES_TAG=v2.4.152 MODULES_TAG=v2.4.152
PHP_VER=20180731 PHP_VER=20190902

9
modules/Dockerfile
View File

@ -1,4 +1,4 @@
FROM python:3.7-slim-buster as builder FROM python:3.9-slim-bullseye as builder
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ARG MODULES_TAG ARG MODULES_TAG
@ -18,11 +18,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
RUN mkdir /wheel RUN mkdir /wheel
WORKDIR /srv WORKDIR /srv
# TODO: remove downgrade of sigmatools when we have Python 3.8 ref #128 and #143
RUN git clone --branch ${MODULES_TAG} --depth 1 https://github.com/MISP/misp-modules.git /srv/misp-modules; \ RUN git clone --branch ${MODULES_TAG} --depth 1 https://github.com/MISP/misp-modules.git /srv/misp-modules; \
cd /srv/misp-modules || exit; \ cd /srv/misp-modules || exit; sed -i 's/-e //g' REQUIREMENTS; pip3 wheel -r REQUIREMENTS --no-cache-dir -w /wheel/
sed -i -e 's/-e //g' -e 's/sigmatools==0.20/sigmatools==0.19.1/' REQUIREMENTS; \
pip3 wheel -r REQUIREMENTS --no-cache-dir -w /wheel/
RUN git clone --depth 1 https://github.com/stricaud/faup.git /srv/faup; \ RUN git clone --depth 1 https://github.com/stricaud/faup.git /srv/faup; \
cd /srv/faup/build || exit; cmake .. && make install; \ cd /srv/faup/build || exit; cmake .. && make install; \
@ -33,7 +30,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
RUN find . -name "chardet*" | grep -v "chardet-4.0.0" | xargs rm -f RUN find . -name "chardet*" | grep -v "chardet-4.0.0" | xargs rm -f
FROM python:3.7-slim-buster FROM python:3.9-slim-bullseye
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN apt-get update && apt-get install -y --no-install-recommends \
libglib2.0-0 \ libglib2.0-0 \

22
server/Dockerfile
View File

@ -1,11 +1,11 @@
FROM composer:2.1 as composer-build FROM composer:2.2 as composer-build
ARG MISP_TAG ARG MISP_TAG
WORKDIR /tmp WORKDIR /tmp
ADD https://raw.githubusercontent.com/MISP/MISP/${MISP_TAG}/app/composer.json /tmp ADD https://raw.githubusercontent.com/MISP/MISP/${MISP_TAG}/app/composer.json /tmp
RUN composer install --ignore-platform-reqs && \ RUN composer install --ignore-platform-reqs && \
composer require jumbojett/openid-connect-php --ignore-platform-reqs composer require jumbojett/openid-connect-php --ignore-platform-reqs
FROM debian:buster-slim as php-build FROM debian:bullseye-slim as php-build
RUN apt-get update; apt-get install -y --no-install-recommends \ RUN apt-get update; apt-get install -y --no-install-recommends \
gcc \ gcc \
make \ make \
@ -23,7 +23,7 @@ FROM debian:buster-slim as php-build
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && cd php-ext-brotli && phpize && ./configure && make && make install RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && cd php-ext-brotli && phpize && ./configure && make && make install
FROM debian:buster-slim as python-build FROM debian:bullseye-slim as python-build
RUN apt-get update; apt-get install -y --no-install-recommends \ RUN apt-get update; apt-get install -y --no-install-recommends \
gcc \ gcc \
git \ git \
@ -60,9 +60,10 @@ FROM debian:buster-slim as python-build
sed -i 's/-e //g' requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/ sed -i 's/-e //g' requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install STIX2.0 library to support STIX 2.0 export: # install STIX2.0 library to support STIX 2.0 export:
# Original Requirements has a bunch of non-required pacakges, force it to only grab wheels for deps from setup.py
RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git; \ RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git; \
cd cti-python-stix2 || exit; python3 setup.py bdist_wheel -d /wheels; \ cd cti-python-stix2 || exit; python3 setup.py bdist_wheel -d /wheels; \
sed -i 's/-e //g' requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/ echo "-e ." > requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install PyMISP # install PyMISP
RUN git clone --depth 1 https://github.com/MISP/PyMISP.git; \ RUN git clone --depth 1 https://github.com/MISP/PyMISP.git; \
@ -75,17 +76,15 @@ FROM debian:buster-slim as python-build
# Grab other modules we need # Grab other modules we need
RUN pip3 wheel --no-cache-dir -w /wheels/ plyara pyzmq redis python-magic lief RUN pip3 wheel --no-cache-dir -w /wheels/ plyara pyzmq redis python-magic lief
# Temp workaround for cryptography library
RUN pip3 wheel 'cryptography>=3.3.0,<3.4.0' --no-cache-dir -w /wheels/
# Remove extra packages due to incompatible requirements.txt files # Remove extra packages due to incompatible requirements.txt files
WORKDIR /wheels WORKDIR /wheels
RUN find . -name "pluggy*" | grep -v "pluggy-0.13.1" | xargs rm -f RUN find . -name "pluggy*" | tee /dev/stderr | grep -v "pluggy-1.0.0" | xargs rm -f
RUN find . -name "tox*" | grep -v "tox-2.7.0" | xargs rm -f RUN find . -name "tox*" | tee /dev/stderr | grep -v "tox-3.24.5" | xargs rm -f
RUN find . -name "Sphinx*" | grep -v "Sphinx-1.8.5" | xargs rm -f RUN find . -name "Sphinx*" | tee /dev/stderr | grep -v "Sphinx-1.8.6" | xargs rm -f
RUN find . -name "docutils*" | tee /dev/stderr | grep -v "docutils-0.17.1" | xargs rm -f
FROM debian:buster-slim FROM debian:bullseye-slim
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ARG MISP_TAG ARG MISP_TAG
ARG PHP_VER ARG PHP_VER
@ -111,6 +110,7 @@ ARG PHP_VER
python3-pip \ python3-pip \
# PHP Requirements # PHP Requirements
php \ php \
php-apcu \
php-curl \ php-curl \
php-xml \ php-xml \
php-intl \ php-intl \

2
server/files/entrypoint_fpm.sh
View File

@ -14,4 +14,4 @@ change_php_vars(){
echo "Configure PHP | Change PHP values ..." && change_php_vars echo "Configure PHP | Change PHP values ..." && change_php_vars
echo "Starting PHP FPM" echo "Starting PHP FPM"
/usr/sbin/php-fpm7.3 -R -F /usr/sbin/php-fpm7.4 -R -F

2
server/files/etc/nginx/misp
View File

@ -45,7 +45,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_read_timeout 300; fastcgi_read_timeout 300;
} }
} }

2
server/files/etc/nginx/misp-secure
View File

@ -43,7 +43,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_read_timeout 300; fastcgi_read_timeout 300;
} }
} }

18
server/files/etc/nginx/misp80-noredir
View File

@ -12,14 +12,14 @@ server {
error_log /dev/stderr error; error_log /dev/stderr error;
# Aded headers for hardening browser security # Aded headers for hardening browser security
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
@ -29,7 +29,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_read_timeout 300; fastcgi_read_timeout 300;
} }
} }