MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Initial

pull/1/head
Jason Kendall 2019-11-25 16:58:18 -05:00
parent 7b5c54b7e9
commit d715bff081
23 changed files with 1533 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored Normal file
View File

@ -0,0 +1,11 @@
logs/
ssl/cert.pem
ssl/chain.pem
ssl/dhparams.pem
ssl/key.pem
server-configs/database.php
server-configs/config.php
server-configs/bootstrap.php
server-configs/core.php
server-configs/config.php.bk
files/INIT

33
docker-compose.yml Normal file
View File

@ -0,0 +1,33 @@
version: '3'
services:
redis:
image: redis:5.0.6
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
- "MYSQL_USER=misp"
- "MYSQL_PASSWORD=example"
- "MYSQL_ROOT_PASSWORD=password"
- "MYSQL_DATABASE=misp"
misp:
image: misp
build: server/.
ports:
- "80:80"
- "443:443"
volumes:
- "./server-configs/:/var/www/MISP/app/Config/"
- "./logs/:/var/www/MISP/app/tmp/logs/"
- "./files/:/var/www/MISP/app/files"
- "./ssl/:/etc/apache2/ssl/"
environment:
- "MYSQL_PASSWORD=example"
- "INIT_MYSQL=true" # Lack of "IF NOT EXISTS" in sql dump.. sigh
misp-modules:
image: misp-modules
build: modules/.

0
files/empty Normal file
View File

0
logs/empty Normal file
View File

40
modules/Dockerfile Normal file
View File

@ -0,0 +1,40 @@
FROM python:3.7-slim-buster
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
python3-dev \
python3-pip \
build-essential \
pkg-config \
libpoppler-cpp-dev \
# libpq5 \
# libjpeg-dev \
# tesseract-ocr \
# imagemagick \
# virtualenv \
# libopencv-dev \
# zbar-tools \
# libzbar0 \
# libzbar-dev \
# libfuzzy-dev \
# gem \
# curl \
# gosu \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
# Add Argument for MISP-Modules releases
ARG VERSION=2.4.118
# Install MISP Modules
WORKDIR /srv
RUN git clone --branch v${VERSION} --depth 1 https://github.com/MISP/misp-modules.git
WORKDIR /srv/misp-modules
RUN pip3 install -I -r REQUIREMENTS --no-cache-dir
RUN pip3 install . --no-cache-dir
RUN chown -R www-data /srv/misp-modules
USER www-data
ENTRYPOINT [ "/usr/local/bin/misp-modules", "-l", "0.0.0.0"]

170
server-configs/bootstrap.default.php Normal file
View File

@ -0,0 +1,170 @@
<?php
/**
* This file is loaded automatically by the app/webroot/index.php file after core.php
*
* This file should load/create any application wide configuration settings, such as
* Caching, Logging, loading additional configuration files.
*
* You should also use this file to include any files that provide global functions/constants
* that your application uses.
*/
/**
* Cache Engine Configuration
* Default settings provided below
*
* File storage engine.
*
* Cache::config('default', array(
* 'engine' => 'File', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'path' => CACHE, //[optional] use system tmp directory - remember to use absolute path
* 'prefix' => 'cake_', //[optional] prefix every cache file with this string
* 'lock' => false, //[optional] use file locking
* 'serialize' => true, // [optional]
* 'mask' => 0666, // [optional] permission mask to use when creating cache files
* ));
*
* APC (http://pecl.php.net/package/APC)
*
* Cache::config('default', array(
* 'engine' => 'Apc', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
* ));
*
* Xcache (http://xcache.lighttpd.net/)
*
* Cache::config('default', array(
* 'engine' => 'Xcache', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
* 'user' => 'user', //user from xcache.admin.user settings
* 'password' => 'password', //plaintext password (xcache.admin.pass)
* ));
*
* Memcache (http://memcached.org/)
*
* Cache::config('default', array(
* 'engine' => 'Memcache', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
* 'servers' => array(
* '127.0.0.1:11211' // localhost, default port 11211
* ), //[optional]
* 'persistent' => true, // [optional] set this to false for non-persistent connections
* 'compress' => false, // [optional] compress data in Memcache (slower, but uses less memory)
* ));
*
* Wincache (http://php.net/wincache)
*
* Cache::config('default', array(
* 'engine' => 'Wincache', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
* ));
*
* Redis (http://http://redis.io/)
*
* Cache::config('default', array(
* 'engine' => 'Redis', //[required]
* 'duration'=> 3600, //[optional]
* 'probability'=> 100, //[optional]
* 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
* 'server' => '127.0.0.1' // localhost
* 'port' => 6379 // default port 6379
* 'timeout' => 0 // timeout in seconds, 0 = unlimited
* 'persistent' => true, // [optional] set this to false for non-persistent connections
* ));
*/
Cache::config('default', array('engine' => 'File'));
Configure::load('config');
$appendPort = true;
$relativePaths = false;
if (!$relativePaths) {
if (isset($_SERVER['SERVER_NAME'])) $serverName = $_SERVER['SERVER_NAME'];
else if (isset($_SERVER['HTTP_HOST'])) $serverName = $_SERVER['HTTP_HOST'];
else if (isset($_SERVER['SERVER_ADDR'])) $serverName = $_SERVER['SERVER_ADDR'];
if (!Configure::read('MISP.baseurl') && isset($serverName)) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)) {
$protocol = 'https';
} else {
$protocol = 'http';
}
if (!isset($_SERVER['SERVER_PORT']) || in_array($_SERVER['SERVER_PORT'], array('443', '80')) || !$appendPort) {
Configure::write('MISP.baseurl', sprintf($protocol . '://%s', $serverName));
} else {
Configure::write('MISP.baseurl', sprintf($protocol . '://%s:%d', $serverName, $_SERVER['SERVER_PORT']));
}
}
}
/**
* Plugins need to be loaded manually, you can either load them one by one or all of them in a single call
* Uncomment one of the lines below, as you need. make sure you read the documentation on CakePlugin to use more
* advanced ways of loading plugins
*
* CakePlugin::loadAll(); // Loads all plugins at once
* CakePlugin::load('DebugKit'); //Loads a single plugin named DebugKit
*
*/
CakePlugin::load('SysLog');
CakePlugin::load('Assets'); // having Logable
CakePlugin::load('SysLogLogable');
CakePlugin::load('UrlCache');
/**
* Uncomment the following line to enable client SSL certificate authentication.
* It's also necessary to configure the plugin for more information, please read app/Plugin/CertAuth/reame.md
*/
// CakePlugin::load('CertAuth');
// CakePlugin::load('ShibbAuth');
/**
* You can attach event listeners to the request lifecyle as Dispatcher Filter . By Default CakePHP bundles two filters:
*
* - AssetDispatcher filter will serve your asset files (css, images, js, etc) from your themes and plugins
* - CacheDispatcher filter will read the Cache.check configure variable and try to serve cached content generated from controllers
*
* Feel free to remove or add filters as you see fit for your application. A few examples:
*
* Configure::write('Dispatcher.filters', array(
* 'MyCacheFilter', // will use MyCacheFilter class from the Routing/Filter package in your app.
* 'MyPlugin.MyFilter', // will use MyFilter class from the Routing/Filter package in MyPlugin plugin.
* array('callable' => $aFunction, 'on' => 'before', 'priority' => 9), // A valid PHP callback type to be called on beforeDispatch
* array('callable' => $anotherMethod, 'on' => 'after'), // A valid PHP callback type to be called on afterDispatch
*
* ));
*/
Configure::write('Dispatcher.filters', array(
'AssetDispatcher',
'CacheDispatcher'
));
/**
* Configures default file logging options
*/
App::uses('CakeLog', 'Log');
CakeLog::config('debug', array(
'engine' => 'FileLog',
'types' => array('notice', 'info', 'debug'),
'file' => 'debug',
));
CakeLog::config('error', array(
'engine' => 'FileLog',
'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
'file' => 'error',
));
// comment the following out if you do not with to use the background processing (not recommended)
CakePlugin::loadAll(array(
'CakeResque' => array('bootstrap' => true)
));

176
server-configs/config.default.php Normal file
View File

@ -0,0 +1,176 @@
<?php
$config = array(
'debug' => 0,
'Security' =>
array(
'level' => 'medium',
'salt' => '',
'cipherSeed' => '',
//'auth'=>array('CertAuth.Certificate'), // additional authentication methods
//'auth'=>array('ShibbAuth.ApacheShibb'),
),
'MISP' =>
array(
'baseurl' => '',
'footermidleft' => '',
'footermidright' => '',
'org' => 'ORGNAME',
'showorg' => true,
'threatlevel_in_email_subject' => true,
'email_subject_TLP_string' => 'tlp:amber',
'email_subject_tag' => 'tlp',
'email_subject_include_tag_name' => true,
'background_jobs' => true,
'cached_attachments' => true,
'email' => 'email@address.com',
'contact' => 'email@address.com',
'cveurl' => 'https://cve.circl.lu/cve/',
'cweurl' => 'https://cve.circl.lu/cwe/',
'disablerestalert' => false,
'default_event_distribution' => '1',
'default_attribute_distribution' => 'event',
'tagging' => true,
'full_tags_on_event_index' => true,
'attribute_tagging' => true,
'full_tags_on_attribute_index' => true,
'footer_logo' => '',
'take_ownership_xml_import' => false,
'unpublishedprivate' => false,
'disable_emailing' => false,
'manage_workers' => true,
'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name',
),
'GnuPG' =>
array(
'onlyencrypted' => false,
'email' => '',
'homedir' => '',
'password' => '',
'bodyonlyencrypted' => false,
'sign' => true,
),
'SMIME' =>
array(
'enabled' => false,
'email' => '',
'cert_public_sign' => '',
'key_sign' => '',
'password' => '',
),
'Proxy' =>
array(
'host' => '',
'port' => '',
'method' => '',
'user' => '',
'password' => '',
),
'SecureAuth' =>
array(
'amount' => 5,
'expire' => 300,
),
// Uncomment the following to enable client SSL certificate authentication
/*
'CertAuth' =>
array(
// CA
'ca' => array('FIRST.Org'), // List of CAs authorized
'caId' => 'O', // Certificate field used to verify the CA. In this example, the field O (organization) of the client certificate has to equal to 'FIRST.Org' in order to validate the CA
// User/client configuration
'userModel' => 'User', // name of the User class (MISP class) to check if the user exists
'userModelKey' => 'email', // User field that will be used for querying. In this example, the field email of the MISP accounts will be used to search if the user exists.
'map' => array( // maps client certificate attributes to User properties. This map will be used as conditions to find if the user exists. In this example, the client certificate fields 'O' (organization) and 'emailAddress' have to match with the MISP fields 'org' and 'email' to validate the user.
'O' => 'org',
'emailAddress' => 'email',
),
// Synchronization/RestAPI
'syncUser' => true, // should the User be synchronized with an external REST API
'userDefaults' => array( // default user attributes, only used when creating new users. By default, new users are "Read only" users (role_id: 6).
'role_id' => 6,
),
'restApi' => array( // API parameters
'url' => 'https://example.com/data/users', // URL to query
'headers' => array(), // additional headers, used for authentication
'param' => array('email' => 'email'), // query parameters to add to the URL, mapped to User properties
'map' => array( // maps REST result to the User properties
'uid' => 'nids_sid',
'team' => 'org',
'email' => 'email',
'pgp_public' => 'gpgkey',
),
),
'userDefaults' => array('role_id' => 6), // default attributes for new users. By default, new users are "Read only" users (role_id: 6).
),
*/
/*
'ApacheShibbAuth' => // Configuration for shibboleth authentication
array(
'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER
'ssoAuth' => 'AUTH_TYPE',
'MailTag' => 'EMAIL_TAG',
'OrgTag' => 'FEDERATION_TAG',
'GroupTag' => 'GROUP_TAG',
'GroupSeparator' => ';',
'GroupRoleMatching' => array( // 3:User, 1:admin. May be good to set "1" for the first user
'group_three' => 3,
'group_two' => 2,
'group_one' => 1,
),
'DefaultRoleId' => 3,
'DefaultOrg' => 'DEFAULT_ORG',
),
*/
/*
'LinOTPAuth' => // Configuration for the LinOTP authentication
array(
'baseUrl' => 'https://linotp', // The base URL of LinOTP
'realm' => 'lino', // the (default) realm of all the users logging in through this system
'userModel' => 'User', // name of the User class (MISP class) to check if the user exists
'userModelKey' => 'email', // User field that will be used for querying.
),
*/
// Warning: The following is a 3rd party contribution and still untested (including security) by the MISP-project team.
// Feel free to enable it and report back to us if you run into any issues.
//
// Uncomment the following to enable Kerberos authentication
// needs PHP LDAP support enabled (e.g. compile flag --with-ldap or Debian package php5-ldap)
/*
'ApacheSecureAuth' => // Configuration for kerberos authentication
array(
'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER, If BasicAuth ldap = PHP_AUTH_USER
'ldapServer' => 'ldap://example.com', // FQDN or IP
'ldapProtocol' => 3,
'ldapNetworkTimeout' => -1, // use -1 for unlimited network timeout
'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right
'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password
'ldapDN' => 'dc=example,dc=com',
'ldapSearchFilter' => '', // Search filter to limit results from ldapsearh fx to specific group. FX
//'ldapSearchFilter' => '(objectclass=InetOrgPerson)(!(nsaccountlock=True))(memberOf=cn=misp,cn=groups,cn=accounts,dc=example,dc=com)',
'ldapSearchAttribut' => 'uid', // filter for search
'ldapFilter' => array(
'mail',
// 'memberOf', //Needed filter if roles should be added depending on group membership.
),
'ldapDefaultRoleId' => 3, // 3:User, 1:admin. May be good to set "1" for the first user
//ldapDefaultRoleId can also be set as an array to support creating users into different group, depending on ldap membership.
//This will only work if the ldap server supports memberOf
//'ldapDefaultRoleId' => array(
// 'misp_admin' => 1,
// 'misp_orgadmin' => 2,
// 'misp_user' => 3,
// 'misp_publisher' => 4,
// 'misp_syncuser' => 5,
// 'misp_readonly' => 6,
// ),
//
'ldapDefaultOrg' => '1', // uses 1st local org in MISP if undefined,
'ldapAllowReferrals' => true, // allow or disallow chasing LDAP referrals
//'ldapEmailField' => array('emailAddress, 'mail'), // Optional : fields from which the email address should be retrieved. Default to 'mail' only. If more than one field is set (e.g. 'emailAddress' and 'mail' in this example), only the first one will be used.
//'updateUser' => true, // Optional : Will update user on LDAP login to update user fields (e.g. role)
),
*/
);

290
server-configs/core.default.php Normal file
View File

@ -0,0 +1,290 @@
<?php
/**
* This is core configuration file.
*
* Use it to configure core behavior of Cake.
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Config
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* CakePHP Debug Level:
*
* Production Mode:
* 0: No error messages, errors, or warnings shown. Flash messages redirect.
*
* Development Mode:
* 1: Errors and warnings shown, model caches refreshed, flash messages halted.
* 2: As in 1, but also with full debug messages and SQL output.
*
* In production mode, flash messages redirect after a time interval.
* In development mode, you need to click the flash message to continue.
*/
Configure::write('debug', 0); // 0 = for production, 2 = full debug mode
/**
* Configure the Error handler used to handle errors for your application. By default
* ErrorHandler::handleError() is used. It will display errors using Debugger, when debug > 0
* and log errors with CakeLog when debug = 0.
*
* Options:
*
* - `handler` - callback - The callback to handle errors. You can set this to any callable type,
* including anonymous functions.
* - `level` - int - The level of errors you are interested in capturing.
* - `trace` - boolean - Include stack traces for errors in log files.
*
* @see ErrorHandler for more information on error handling and configuration.
*/
Configure::write('Error', array(
'handler' => 'ErrorHandler::handleError',
'level' => E_ALL & ~E_DEPRECATED,
'trace' => true
));
/**
* Configure the Exception handler used for uncaught exceptions. By default,
* ErrorHandler::handleException() is used. It will display a HTML page for the exception, and
* while debug > 0, framework errors like Missing Controller will be displayed. When debug = 0,
* framework errors will be coerced into generic HTTP errors.
*
* Options:
*
* - `handler` - callback - The callback to handle exceptions. You can set this to any callback type,
* including anonymous functions.
* - `renderer` - string - The class responsible for rendering uncaught exceptions. If you choose a custom class you
* should place the file for that class in app/Lib/Error. This class needs to implement a render method.
* - `log` - boolean - Should Exceptions be logged?
*
* @see ErrorHandler for more information on exception handling and configuration.
*/
Configure::write('Exception', array(
'handler' => 'ErrorHandler::handleException',
'renderer' => 'ExceptionRenderer',
'log' => true,
'skipLog' => array(
'NotFoundException',
'ForbiddenException',
)
));
/**
* Application wide charset encoding
*/
Configure::write('App.encoding', 'UTF-8');
/**
* To configure CakePHP *not* to use mod_rewrite and to
* use CakePHP pretty URLs, remove these .htaccess
* files:
*
* /.htaccess
* /app/.htaccess
* /app/webroot/.htaccess
*
* And uncomment the App.baseUrl below:
*/
//Configure::write('App.baseUrl', env('SCRIPT_NAME'));
/**
* Uncomment the define below to use CakePHP prefix routes.
*
* The value of the define determines the names of the routes
* and their associated controller actions:
*
* Set to an array of prefixes you want to use in your application. Use for
* admin or other prefixed routes.
*
* Routing.prefixes = array('admin', 'manager');
*
* Enables:
* `admin_index()` and `/admin/controller/index`
* `manager_index()` and `/manager/controller/index`
*
*/
Configure::write('Routing.prefixes', array('admin'));
/**
* Turn off all caching application-wide.
*
*/
Configure::write('Cache.disable', false);
/**
* Enable cache checking.
*
* If set to true, for view caching you must still use the controller
* public $cacheAction inside your controllers to define caching settings.
* You can either set it controller-wide by setting public $cacheAction = true,
* or in each action using $this->cacheAction = true.
*
*/
//Configure::write('Cache.check', true);
/**
* Defines the default error type when using the log() function. Used for
* differentiating error logging and debugging. Currently PHP supports LOG_DEBUG.
*/
define('LOG_ERROR', LOG_ERR);
/**
* Session configuration.
*
* Contains an array of settings to use for session configuration. The defaults key is
* used to define a default preset to use for sessions, any settings declared here will override
* the settings of the default config.
*
* ## Options
*
* - `Session.cookie` - The name of the cookie to use. Defaults to 'CAKEPHP'
* - `Session.timeout` - The number of minutes you want sessions to live for. This timeout is handled by CakePHP
* - `Session.cookieTimeout` - The number of minutes you want session cookies to live for.
* - `Session.checkAgent` - Do you want the user agent to be checked when starting sessions? You might want to set the
* value to false, when dealing with older versions of IE, Chrome Frame or certain web-browsing devices and AJAX
* - `Session.defaults` - The default configuration set to use as a basis for your session.
* There are four builtins: php, cake, cache, database.
* - `Session.handler` - Can be used to enable a custom session handler. Expects an array of callables,
* that can be used with `session_save_handler`. Using this option will automatically add `session.save_handler`
* to the ini array.
* - `Session.autoRegenerate` - Enabling this setting, turns on automatic renewal of sessions, and
* sessionids that change frequently. See CakeSession::$requestCountdown.
* - `Session.ini` - An associative array of additional ini values to set.
*
* The built in defaults are:
*
* - 'php' - Uses settings defined in your php.ini.
* - 'cake' - Saves session files in CakePHP's /tmp directory.
* - 'database' - Uses CakePHP's database sessions.
* - 'cache' - Use the Cache class to save sessions.
*
* To define a custom session handler, save it at /app/Model/Datasource/Session/<name>.php.
* Make sure the class implements `CakeSessionHandlerInterface` and set Session.handler to <name>
*
* To use database sessions, run the app/Config/Schema/sessions.php schema using
* the cake shell command: cake schema create Sessions
*
*/
Configure::write('Session', array(
'timeout' => 60, // Session timeout, default is 1 hour
'cookie_timeout' => 10080 , // Cookie timeout, default is 1 week
'defaults' => 'php',
'autoRegenerate' => false,
'checkAgent' => false
));
/**
* The level of CakePHP security.
*/
Configure::write('Security.level', 'medium');
/**
* A random string used in security hashing methods.
*/
Configure::write('Security.salt', 'Rooraenietu8Eeyo<Qu2eeNfterd-dd+');
/**
* A random numeric string (digits only) used to encrypt/decrypt strings.
*/
Configure::write('Security.cipherSeed', '395786739573056621429506834955');
/**
* Apply timestamps with the last modified time to static assets (js, css, images).
* Will append a querystring parameter containing the time the file was modified. This is
* useful for invalidating browser caches.
*
* Set to `true` to apply timestamps when debug > 0. Set to 'force' to always enable
* timestamping regardless of debug value.
*/
//Configure::write('Asset.timestamp', true);
/**
* Compress CSS output by removing comments, whitespace, repeating tags, etc.
* This requires a/var/cache directory to be writable by the web server for caching.
* and /vendors/csspp/csspp.php
*
* To use, prefix the CSS link URL with '/ccss/' instead of '/css/' or use HtmlHelper::css().
*/
//Configure::write('Asset.filter.css', 'css.php');
/**
* Plug in your own custom JavaScript compressor by dropping a script in your webroot to handle the
* output, and setting the config below to the name of the script.
*
* To use, prefix your JavaScript link URLs with '/cjs/' instead of '/js/' or use JavaScriptHelper::link().
*/
//Configure::write('Asset.filter.js', 'custom_javascript_output_filter.php');
/**
* The classname and database used in CakePHP's
* access control lists.
*/
Configure::write('Acl.classname', 'DbAcl');
Configure::write('Acl.database', 'default');
/**
* Uncomment this line and correct your server timezone to fix
* any date & time related errors.
*/
//date_default_timezone_set('UTC');
/**
* Pick the caching engine to use. If APC is enabled use it.
* If running via cli - apc is disabled by default. ensure it's available and enabled in this case
*
* Note: 'default' and other application caches should be configured in app/Config/bootstrap.php.
* Please check the comments in boostrap.php for more info on the cache engines available
* and their setttings.
*/
$engine = 'File';
if (extension_loaded('apc') && function_exists('apc_dec') && (php_sapi_name() !== 'cli' || ini_get('apc.enable_cli'))) {
$engine = 'Apc';
}
// In development mode, caches should expire quickly.
$duration = '+999 days';
if (Configure::read('debug') >= 1) {
$duration = '+10 seconds';
}
// Prefix each application on the same server with a different string, to avoid Memcache and APC conflicts.
$prefix = 'myapp_';
/**
* Configure the cache used for general framework caching. Path information,
* object listings, and translation cache files are stored with this configuration.
*/
Cache::config('_cake_core_', array(
'engine' => $engine,
'prefix' => $prefix . 'cake_core_',
'path' => CACHE . 'persistent' . DS,
'serialize' => ($engine === 'File'),
'duration' => $duration
));
/**
* Configure the cache for model and datasource caches. This cache configuration
* is used to store schema descriptions, and table listings in connections.
*/
Cache::config('_cake_model_', array(
'engine' => $engine,
'prefix' => $prefix . 'cake_model_',
'path' => CACHE . 'models' . DS,
'serialize' => ($engine === 'File'),
'duration' => $duration
));
//Comment the following out if you do not with to use the background workers (not recommended)
require_once dirname(__DIR__) . '/Vendor/autoload.php';

75
server-configs/database.default.php Normal file
View File

@ -0,0 +1,75 @@
<?php
/**
* This is core configuration file.
*
* Use it to configure core behaviour of Cake.
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Config
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* In this file you set up your database connection details.
*
* @package cake.config
*/
/**
* Database configuration class.
* You can specify multiple configurations for production, development and testing.
*
* datasource => The name of a supported datasource; valid options are as follows:
* Database/Mysql - MySQL 4 & 5,
* Database/Sqlite - SQLite (PHP5 only),
* Database/Postgres - PostgreSQL 7 and higher,
* Database/Sqlserver - Microsoft SQL Server 2005 and higher
*
* You can add custom database datasources (or override existing datasources) by adding the
* appropriate file to app/Model/Datasource/Database. Datasources should be named 'MyDatasource.php',
*
*
* persistent => true / false
* Determines whether or not the database should use a persistent connection
*
* host =>
* the host you connect to the database. To add a socket or port number, use 'port' => #
*
* prefix =>
* Uses the given prefix for all the tables in this database. This setting can be overridden
* on a per-table basis with the Model::$tablePrefix property.
*
* schema =>
* For Postgres specifies which schema you would like to use the tables in. Postgres defaults to 'public'.
*
* encoding =>
* For MySQL, Postgres specifies the character encoding to use when connecting to the
* database. Uses database default not specified.
*
* unix_socket =>
* For MySQL to connect via socket specify the `unix_socket` parameter instead of `host` and `port`
*/
class DATABASE_CONFIG {
public $default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => 'localhost',
'login' => 'db login',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => 'db password',
'database' => 'misp',
'prefix' => '',
'encoding' => 'utf8',
);
}

99
server-configs/email.php Normal file
View File

@ -0,0 +1,99 @@
<?php
/**
* This is email configuration file.
*
* Use it to configure email transports of Cake.
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Config
* @since CakePHP(tm) v 2.0.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* In this file you set up your send email details.
*
* @package cake.config
*/
/**
* Email configuration class.
* You can specify multiple configurations for production, development and testing.
*
* transport => The name of a supported transport; valid options are as follows:
* Mail - Send using PHP mail function
* Smtp - Send using SMTP
* Debug - Do not send the email, just return the result
*
* You can add custom transports (or override existing transports) by adding the
* appropriate file to app/Network/Email. Transports should be named 'YourTransport.php',
* where 'Your' is the name of the transport.
*
* from =>
* The origin email. See CakeEmail::from() about the valid values
*
*/
class EmailConfig {
// to set the return-path header, simply uncomment the line below and change you@localhost to the desired e-mail address
public $default = array(
'transport' => 'Mail',
'charset' => 'utf-8',
'headers' => array('Precedence' => 'bulk'),
//'additionalParameters' => '-f you@localhost'
);
public $smtp = array(
'transport' => 'Smtp',
'from' => array('site@localhost' => 'My Site'),
'host' => 'localhost',
'port' => 25,
'timeout' => 30,
'username' => 'user',
'password' => 'secret',
'client' => null,
'log' => false,
//'charset' => 'utf-8',
//'headerCharset' => 'utf-8',
);
public $fast = array(
'from' => 'you@localhost',
'sender' => null,
'to' => null,
'cc' => null,
'bcc' => null,
'replyTo' => null,
'readReceipt' => null,
'returnPath' => null,
'messageId' => true,
'subject' => null,
'message' => null,
'headers' => null,
'viewRender' => null,
'template' => false,
'layout' => false,
'viewVars' => null,
'attachments' => null,
'emailFormat' => null,
'transport' => 'Smtp',
'host' => 'localhost',
'port' => 25,
'timeout' => 30,
'username' => 'user',
'password' => 'secret',
'client' => null,
'log' => true,
//'charset' => 'utf-8',
//'headerCharset' => 'utf-8',
);
}

55
server-configs/routes.php Normal file
View File

@ -0,0 +1,55 @@
<?php
/**
* Routes configuration
*
* In this file, you set up routes to your controllers and their actions.
* Routes are very important mechanism that allows you to freely connect
* different urls to chosen controllers and their actions (functions).
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Config
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
/**
* Here, we are connecting '/' (base path) to controller called 'Pages',
* its action called 'display', and we pass a param to select the view file
* to use (in this case, /app/View/Pages/home.ctp)...
*/
Router::connect('/', array('controller' => 'events', 'action' => 'index'));
// admin Paginator
Router::connect('/whitelists/admin_index/*', array('controller' => 'whitelists', 'action' => 'index', 'admin' => true));
Router::connect('/users/admin_index/*', array('controller' => 'users', 'action' => 'index', 'admin' => true));
Router::connect('/roles/admin_index/*', array('controller' => 'roles', 'action' => 'index', 'admin' => true));
Router::connect('/logs/admin_search/*', array('controller' => 'logs', 'action' => 'search', 'admin' => true));
Router::connect('/logs/admin_index/*', array('controller' => 'logs', 'action' => 'index', 'admin' => true));
Router::connect('/regexp/admin_index/*', array('controller' => 'regexp', 'action' => 'index', 'admin' => true));
// Activate REST
Router::mapResources(array('events', 'attributes'));
Router::parseExtensions('xml', 'json', 'csv');
Router::connectNamed(
array('attributesPage' => array('controller' => 'events', 'action' => 'view'))
);
/**
* Load all plugin routes. See the CakePlugin documentation on
* how to customize the loading of plugin routes.
*/
CakePlugin::routes();
/**
* Load the CakePHP default routes. Only remove this if you do not want to use
* the built-in default routes.
*/
require CAKE . 'Config' . DS . 'routes.php';

134
server/Dockerfile Normal file
View File

@ -0,0 +1,134 @@
FROM debian:buster-slim
ENV DEBIAN_FRONTEND noninteractive
ARG VERSION=2.4.118
# Based on DCSO Dockererized MISP
RUN apt-get update; apt-get install -y --no-install-recommends \
sudo \
apache2 \
supervisor \
git make \
gcc \
zip unzip \
openssl \
gpg-agent \
python3 \
python3-setuptools \
python3-dev \
python3-pip \
ssdeep \
php \
php-xml \
php-mbstring \
php-mysql \
php-pear \
php-dev \
php-redis \
php-gd \
libfuzzy-dev \
mariadb-client \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
# MISP code
ARG MISP_TAG=${VERSION}
ENV MISP_TAG=${MISP_TAG}
# Download MISP using git in the /var/www/ directory.
# Attention: we replaced the fixed tag with a variable
WORKDIR /var/www
RUN git clone --branch v${MISP_TAG} --depth 1 https://github.com/MISP/MISP.git /var/www/MISP
WORKDIR /var/www/MISP
RUN chown www-data:www-data /var/www/MISP; \
# Make git ignore filesystem permission differences
git config core.filemode false; \
# CakePHP and a lot of other things is included as a submodule of MISP, execute the following commands to let git fetch it:
git submodule update --init --recursive; \
# Make git ignore filesystem permission differences for submodules
git submodule foreach --recursive git config core.filemode false
# Python Modules
# install Mitre's STIX and its dependencies by running the following commands:
# install mixbox to accomodate the new STIX dependencies:
WORKDIR /var/www/MISP/app/files/scripts
RUN git clone https://github.com/CybOXProject/mixbox.git; \
cd mixbox; python3 setup.py install
# install python-maec
RUN git clone https://github.com/MAECProject/python-maec.git; \
cd python-maec; python3 setup.py install
# install python-cybox
RUN git clone https://github.com/CybOXProject/python-cybox.git; \
cd python-cybox; python3 setup.py install
# install python stix
RUN git clone https://github.com/STIXProject/python-stix.git; \
cd python-stix; python3 setup.py install
# install STIX2.0 library to support STIX 2.0 export:
WORKDIR /var/www/MISP/cti-python-stix2
RUN python3 setup.py install
# install PyMISP
WORKDIR /var/www/MISP/PyMISP
RUN python3 setup.py install
RUN pip3 install --no-cache-dir plyara pyzmq redis maec python-magic lief https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip git+https://github.com/kbandla/pydeep.git
# CakePHP
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
WORKDIR /var/www/MISP/app
RUN composer require kamisama/cake-resque:4.1.2 \
;composer config vendor-dir Vendor \
;composer install \
# Enable CakeResque with php-redis
;phpenmod redis \
# Enable CakeResque with php-gnupgp
;phpenmod gnupg \
#installing ssdeep_php - pecl is dumb, we need to ensure the libs are in the specific place
;cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib; pecl install ssdeep; phpenmod ssdeep \
# To use the scheduler worker for scheduled tasks, do the following:
;cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
# Set the permissions
# Check if the permissions are set correctly using the following commands:
RUN chown -R www-data:www-data /var/www/MISP \
;chmod -R 750 /var/www/MISP \
;chmod -R g+ws /var/www/MISP/app/tmp \
;chmod -R g+ws /var/www/MISP/app/files \
;chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
# Configure Apache
# add HTTP MISP Config
RUN rm /etc/apache2/sites-enabled/*;
COPY files/etc/apache2/sites-enabled/misp.conf /etc/apache2/sites-enabled/
COPY files/etc/apache2/sites-enabled/misp-ssl.conf /etc/apache2/sites-enabled/
COPY files/etc/apache2/ports.conf /etc/apache2/ports.conf
RUN set -eu \
;chmod 640 /etc/apache2/ports.conf \
;chown root.root /etc/apache2/ports.conf \
;chmod 640 /etc/apache2/sites-available/* \
;chown root.root /etc/apache2/sites-available/* \
# Configure Apache
;a2dismod status \
;a2enmod ssl \
;a2enmod rewrite \
;a2enmod headers
# MISP Update and MISP Cron
COPY --chown=www-data:www-data files/usr/local/bin/misp_update.sh /usr/local/bin/
COPY --chown=www-data:www-data files/usr/local/bin/misp_cron.sh /usr/local/bin/
# Make a copy of the file store, so we can sync from it
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist
# Entrypoints
COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/supervisord.conf
COPY files/entrypoint_apache.sh /
COPY files/entrypoint_cron.sh /
COPY files/entrypoint_workers.sh /
COPY files/entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
# Change Workdirectory
WORKDIR /var/www/MISP

3
server/files/entrypoint.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
# start supervisord
/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

125
server/files/entrypoint_apache.sh Executable file
View File

@ -0,0 +1,125 @@
#!/bin/bash
MISP_APP_CONFIG_PATH=/var/www/MISP/app/Config
[ -z "$MYSQL_HOST" ] && MYSQL_HOST=db
[ -z "$MYSQL_PORT" ] && MYSQL_PORT=3306
[ -z "$MYSQL_USER" ] && MYSQL_USER=misp
[ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example
[ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp
[ -z "$REDIS_FQDN" ] && REDIS_FQDN=redis
[ -z "$MYSQLCMD" ] && MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
ENTRYPOINT_PID_FILE="/entrypoint_apache.install"
[ ! -f $ENTRYPOINT_PID_FILE ] && touch $ENTRYPOINT_PID_FILE
change_php_vars(){
for FILE in $(ls /etc/php/*/apache2/php.ini)
do
sed -i "s/memory_limit = .*/memory_limit = 2048M/" "$FILE"
sed -i "s/max_execution_time = .*/max_execution_time = 300/" "$FILE"
sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE"
sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE"
done
}
init_misp_config(){
[ -f $MISP_APP_CONFIG_PATH/bootstrap.php ] || cp $MISP_APP_CONFIG_PATH/bootstrap.default.php $MISP_APP_CONFIG_PATH/bootstrap.php
[ -f $MISP_APP_CONFIG_PATH/database.php ] || cp $MISP_APP_CONFIG_PATH/database.default.php $MISP_APP_CONFIG_PATH/database.php
[ -f $MISP_APP_CONFIG_PATH/core.php ] || cp $MISP_APP_CONFIG_PATH/core.default.php $MISP_APP_CONFIG_PATH/core.php
[ -f $MISP_APP_CONFIG_PATH/config.php ] || cp $MISP_APP_CONFIG_PATH/config.default.php $MISP_APP_CONFIG_PATH/config.php
echo "Configure MISP | Set DB User, Password and Host in database.php"
sed -i "s/localhost/$MYSQL_HOST/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/db\s*login/$MYSQL_USER/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/db\s*password/$MYSQL_PASSWORD/" $MISP_APP_CONFIG_PATH/database.php
#### CAKE ####
echo "Configure Cake | Change Redis host to $REDIS_FQDN"
sed -i "s/'host' => 'localhost'.*/'host' => '$REDIS_FQDN', \/\/ Redis server hostname/" "/var/www/MISP/app/Plugin/CakeResque/Config/config.php"
}
init_misp_files(){
if [ ! -f /var/www/MISP/app/files/INIT ]; then
cp -R /var/www/MISP/app/files.dist/* /var/www/MISP/app/files
touch /var/www/MISP/app/files/INIT
fi
}
check_mysql(){
# Test when MySQL is ready....
# Test if entrypoint_local_mariadb.sh is ready
sleep 5
while (true)
do
[ ! -f /var/lib/mysql/entrypoint_local_mariadb.sh.pid ] && break
sleep 5
done
# wait for Database come ready
isDBup () {
echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null
echo $?
}
RETRY=100
until [ $(isDBup) -eq 0 ] || [ $RETRY -le 0 ] ; do
echo "Waiting for database to come up"
sleep 5
RETRY=$(( $RETRY - 1))
done
if [ $RETRY -le 0 ]; then
>&2 echo "Error: Could not connect to Database on $MYSQL_HOST:$MYSQL_PORT"
exit 1
fi
}
init_mysql(){
#####################################################################
if [[ "$INIT_MYSQL" == true ]]; then
check_mysql
# import MISP DB Scheme
echo "... importing MySQL scheme..."
$MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql
echo "MySQL import...finished"
fi
echo
}
start_apache() {
# Apache gets grumpy about PID files pre-existing
rm -f /run/apache2/apache2.pid
# execute APACHE2
/usr/sbin/apache2ctl -D FOREGROUND -k "$1"
}
##### check MySQL
echo "Check if MySQL is ready..." && check_mysql
# Change PHP VARS
echo "Change PHP values ..." && change_php_vars
##### Import MySQL scheme
echo "Import MySQL scheme..." && init_mysql
##### initialize MISP-Server
echo "Initialize misp base config..." && init_misp_config
echo "Make sure files dir is setup..." && init_misp_files
##### Check permissions #####
echo "Configure MISP | Check permissions..."
echo "... chown -R www-data.www-data /var/www/MISP..." && find /var/www/MISP -not -user www-data -exec chown www-data.www-data {} +
echo "... chmod -R 0750 /var/www/MISP..." && find /var/www/MISP -perm 550 -type f -exec chmod 0550 {} + && find /var/www/MISP -perm 770 -type d -exec chmod 0770 {} +
echo "... chmod -R g+ws /var/www/MISP/app/tmp..." && chmod -R g+ws /var/www/MISP/app/tmp
echo "... chmod -R g+ws /var/www/MISP/app/files..." && chmod -R g+ws /var/www/MISP/app/files
echo "... chmod -R g+ws /var/www/MISP/app/files/scripts/tmp" && chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
# delete pid file
[ -f $ENTRYPOINT_PID_FILE ] && rm $ENTRYPOINT_PID_FILE
##### execute apache
start_apache start

29
server/files/entrypoint_cron.sh Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
set -e
NC='\033[0m' # No Color
Light_Green='\033[1;32m'
echo (){
command echo -e $1
}
STARTMSG="${Light_Green}[ENTRYPOINT_CRON]${NC}"
# Wait until entrypoint apache is ready
while (true)
do
sleep 2
[ -f /entrypoint_apache.install ] && continue
break
done
[ -n "$CRON_INTERVAL" ] && INTERVAL="$CRON_INTERVAL"
( [ -z "$CRON_INTERVAL" ] || [ "$CRON_INTERVAL" = 0 ] ) && echo "$STARTMSG Deactivate cron job." && exit
[ -z "$CRON_USER_ID" ] && USER_ID=1
# wait for the first round
echo "$STARTMSG Wait $INTERVAL seconds, then start the first intervall." && sleep "$INTERVAL"
# start cron job
echo "$STARTMSG Start cron job" && misp_cron.sh "$INTERVAL" "$USER_ID"

34
server/files/entrypoint_workers.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
set -e
NC='\033[0m' # No Color
Light_Green='\033[1;32m'
echo (){
command echo -e $1
}
STARTMSG="${Light_Green}[ENTRYPOINT_WORKERS]${NC}"
CAKE_CMD="/var/www/MISP/app/Console/cake CakeResque.CakeResque"
# Wait until entrypoint apache is ready
while (true)
do
sleep 2
[ -f /entrypoint_apache.install ] && continue
break
done
# start Workers for MISP
echo "$STARTMSG Start Workers..."
sudo -u www-data /var/www/MISP/app/Console/worker/start.sh
echo "$STARTMSG Start Workers...finished"
while true
do
sleep 3600
echo "$STARTMSG Start Workers..."
sudo -u www-data /var/www/MISP/app/Console/worker/start.sh
echo "$STARTMSG Start Workers...finished"
done

15
server/files/etc/apache2/ports.conf Normal file
View File

@ -0,0 +1,15 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

29
server/files/etc/apache2/sites-enabled/misp-ssl.conf Normal file
View File

@ -0,0 +1,29 @@
<VirtualHost *:443>
ServerName misp-server
DocumentRoot /var/www/MISP/app/webroot
<Directory /var/www/MISP/app/webroot>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLOpenSSLConfCmd DHParameters "/etc/apache2/ssl/dhparams.pem"
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/key.pem
SSLCertificateChainFile /etc/apache2/ssl/chain.pem
LogLevel warn
ErrorLog /dev/stdout
CustomLog /dev/stdout combined
ServerSignature Off
# Header set X-Content-Type-Options nosniff
# Header set X-Frame-Options DENY
</VirtualHost>

17
server/files/etc/apache2/sites-enabled/misp.conf Normal file
View File

@ -0,0 +1,17 @@
<VirtualHost *:80>
ServerName misp-server
DocumentRoot /var/www/MISP/app/webroot
<Directory /var/www/MISP/app/webroot>
Options -Indexes
AllowOverride all
Require all granted
</Directory>
LogLevel warn
ErrorLog /dev/stdout
CustomLog /dev/stdout combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
</VirtualHost>

31
server/files/etc/supervisor/supervisor.conf Normal file
View File

@ -0,0 +1,31 @@
[supervisord]
nodaemon=true
user=root
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:apache2]
command=/entrypoint_apache.sh
autorestart=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:workers]
command=/entrypoint_workers.sh
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autostart=true
[program:cron]
command=/entrypoint_cron.sh
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autostart=true

109
server/files/usr/local/bin/misp_cron.sh Executable file
View File

@ -0,0 +1,109 @@
#!/bin/bash
set -e
NC='\033[0m' # No Color
Light_Green='\033[1;32m'
echo (){
command echo -e $1
}
COUNTER="$(date +%Y-%m-%d_%H:%M)"
STARTMSG="${Light_Green}[ENTRYPOINT_CRON] [ $COUNTER ] ${NC}"
if [ -z "$1" ] ; then
# If Interval is empty set interval default to 3600s
INTERVAL=3600
else
INTERVAL="$1"
fi
if [ -z "$2" ] ; then
# If Interval is empty set interval default to 3600s
USER_ID=1
else
USER_ID="$2"
fi
CAKE="/var/www/MISP/app/Console/cake"
[ -z "$MYSQL_DATABASE" ] && export MYSQL_DATABASE=misp
[ -z "$MYSQL_HOST" ] && export MYSQL_HOST=misp-db
[ -z "$MYSQL_ROOT_PASSWORD" ] && echo "$STARTMSG No MYSQL_ROOT_PASSWORD is set. Exit now." && exit 1
[ -z "$MYSQL_PORT" ] && export MYSQL_PORT=3306
[ -z "$MYSQL_USER" ] && export MYSQL_USER=misp
[ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
check_mysql_and_get_auth_key(){
# Test when MySQL is ready
# wait for Database come ready
isDBup () {
echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null
echo $?
}
RETRY=10
until [ $(isDBup) -eq 0 ] || [ $RETRY -le 0 ] ; do
echo "Waiting for database to come up"
sleep 5
RETRY=$(( $RETRY - 1))
done
if [ $RETRY -le 0 ]; then
>&2 echo "Error: Could not connect to Database on $MYSQL_HOST:$MYSQL_PORT"
exit 1
else
# get AUTH_KEY
export AUTH_KEY=$(echo "SELECT authkey FROM users where id = '$USER_ID';" | $MYSQLCMD)
fi
}
# Wait until MySQL is ready and get the AUTH_KEXY
check_mysql_and_get_auth_key
while(true)
do
# Administering MISP via the CLI
# Certain administrative tasks are exposed to the API, these help with maintaining and configuring MISP in an automated way / via external tools.:
# GetSettings: MISP/app/Console/cake Admin getSetting [setting]
# SetSettings: MISP/app/Console/cake Admin getSetting [setting] [value]
# GetAuthkey: MISP/app/Console/cake Admin getauthkey [email]
# SetBaseurl: MISP/app/Console/cake Baseurl setbaseurl [baseurl]
# ChangePassword: MISP/app/Console/cake Password [email] [new_password]
# Automating certain console tasks
# If you would like to automate tasks such as caching feeds or pulling from server instances, you can do it using the following command line tools. Simply execute the given commands via the command line / create cron jobs easily out of them.:
# Pull: MISP/app/Console/cake Server pull [user_id] [server_id] [full|update]
# Push: MISP/app/Console/cake Server push [user_id] [server_id]
# CacheFeed: MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp]
# FetchFeed: MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp]
# Enrichment: MISP/app/Console/cake Event enrichEvent [user_id] [event_id] [json_encoded_module_list]
# START the SCRIPT
# Set time and date
COUNTER="$(date +%Y-%m-%d_%H:%M)"
# Start Message
echo "$STARTMSG Start MISP-dockerized Cronjob at $COUNTER... "
# Pull: MISP/app/Console/cake Server pull [user_id] [server_id] [full|update]
echo "$STARTMSG $CAKE Server pull $USER_ID..." && $CAKE Server pull "$USER_ID"
# Push: MISP/app/Console/cake Server push [user_id] [server_id]
echo "$STARTMSG $CAKE Server push $USER_ID..." && $CAKE Server push "$USER_ID"
# CacheFeed: MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp]
echo "$STARTMSG $CAKE Server cacheFeed $USER_ID all..." && $CAKE Server cacheFeed "$USER_ID" all
#FetchFeed: MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp]
echo "$STARTMSG $CAKE Server fetchFeed $USER_ID all..." && $CAKE Server fetchFeed "$USER_ID" all
# End Message
echo "$STARTMSG Finished MISP-dockerized Cronjob at $(date +%Y-%m-%d_%H:%M) and wait $INTERVAL seconds... "
# Wait this time
sleep "$INTERVAL"
done

51
server/files/usr/local/bin/misp_update.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
set -ex
NC='\033[0m' # No Color
Light_Green='\033[1;32m'
echo (){
command echo -e $1
}
STARTMSG="${Light_Green}[UPDATE_MISP]${NC}"
[ -z $CAKE ] && export CAKE="$MISP_APP_PATH/Console/cake"
# Init MISP and create user
while true
do
# copy auth_key
export AUTH_KEY=$(docker exec misp-server bash -c 'mysql -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE -e "SELECT authkey FROM users;" | head -2|tail -1')
# initial user if all is good auth_key is return
[ -z $AUTH_KEY ] && export AUTH_KEY=$(docker exec misp-server bash -c "sudo -E /var/www/MISP/app/Console/cake userInit -q") && echo "new Auth_Key: $AUTH_KEY"
# if user is initalized but mysql is not ready continue
[ "$AUTH_KEY" == "Script aborted: MISP instance already initialised." ] && continue
# if the auth_key is save go out
[ -z $AUTH_KEY ] || break
# wait 5 seconds
sleep 5
done
# Update the galaxies…
echo "$STARTMSG Update Galaxies..." && sudo "$CAKE" Admin updateGalaxies
# Updating the taxonomies…
echo "$STARTMSG Update Taxonomies..." && sudo "$CAKE" Admin updateTaxonomies
# Updating the warning lists…
echo "$STARTMSG Update WarningLists..." && sudo "$CAKE" Admin updateWarningLists
# Updating the notice lists…
echo "$STARTMSG Update NoticeLists..." && sudo "$CAKE" Admin updateNoticeLists
#curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
# Updating the object templates…
echo "$STARTMSG Update Object Templates..." && sudo "$CAKE" Admin updateObjectTemplates
#curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
exit

7
ssl/generate.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/bash
echo "Seriously, don't use this"
openssl dhparam -out dhparams.pem 2048
openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
cp cert.pem chain.pem