From 94c43c62b87b7c2b7f992ad8b8af7b332a01f920 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Thu, 6 Feb 2020 12:49:50 +0100 Subject: [PATCH 01/23] Update run.sh Initial connection can't be to specific database, since that doesn't exist yet --- web/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/run.sh b/web/run.sh index 6a5ab70..2810b2e 100755 --- a/web/run.sh +++ b/web/run.sh @@ -60,7 +60,7 @@ if [ -r /.firstboot.tmp ]; then echo "MYSQL_PASSWORD is set to '$MYSQL_PASSWORD'" fi - ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 $MYSQL_DATABASE # 2>&1` + ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 # 2>&1` if [ $? -eq 0 ]; then echo "Connected to database successfully!" found=0 From b4176674fd9def4d7d231d4ca8915dba24ff6d09 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Fri, 7 Feb 2020 09:39:51 +0100 Subject: [PATCH 02/23] Add check whether database exists Check whether the MISP database exists, if not, create it. --- web/run.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/web/run.sh b/web/run.sh index 2810b2e..1ade3a2 100755 --- a/web/run.sh +++ b/web/run.sh 
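Review bot: In PATCH 01 (web/run.sh), dropping `$MYSQL_DATABASE` leaves `SHOW TABLES;` running with no database selected, which MySQL rejects, so the `$? -eq 0` test that follows cannot succeed even when the server is reachable; a schema-independent probe such as `echo 'SELECT 1;' | mysql ...` checks connectivity without needing the database. The trailing `# 2>&1` sits inside the backticks and is parsed as a comment, so stderr never reaches `$ret` and the later `echo $ret` has nothing to print. The new line also still passes the password through `--password=` on the command line, where it is visible in the process list, and the context line above echoes `$MYSQL_PASSWORD` into the container log; reading the credential from a client option file (`--defaults-extra-file=`) and logging only that it is set would avoid both. The enclosing `if` block starts and ends outside the hunk.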
@@ -59,8 +59,13 @@ if [ -r /.firstboot.tmp ]; then else echo "MYSQL_PASSWORD is set to '$MYSQL_PASSWORD'" fi - - ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 # 2>&1` + + dbExists=`echo 'SHOW DATABASES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306` + if [[ $dbExists != *$MYSQL_DATABASE* ]] + echo "Database misp doesn't exist, creating database ..." + `echo 'CREATE DATABASE '$MYSQL_DATABASE';' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306` + fi + ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 $MYSQL_DATABASE # 2>&1` if [ $? -eq 0 ]; then echo "Connected to database successfully!" found=0 From 7f31c985e30524e70141d7c13eddc2d7feacc534 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Fri, 7 Feb 2020 10:54:48 +0100 Subject: [PATCH 03/23] Typo fixed --- web/run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/run.sh b/web/run.sh index 1ade3a2..304dd37 100755 --- a/web/run.sh +++ b/web/run.sh @@ -61,9 +61,9 @@ if [ -r /.firstboot.tmp ]; then fi dbExists=`echo 'SHOW DATABASES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306` - if [[ $dbExists != *$MYSQL_DATABASE* ]] + if [[ $dbExists != *$MYSQL_DATABASE* ]]; then echo "Database misp doesn't exist, creating database ..." - `echo 'CREATE DATABASE '$MYSQL_DATABASE';' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306` + echo 'CREATE DATABASE '$MYSQL_DATABASE';' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 fi ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 $MYSQL_DATABASE # 2>&1` if [ $? -eq 0 ]; then From a3c29f91f846f858c9813b0d34950d0250b27f69 Mon Sep 17 00:00:00 2001 
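Review bot: In PATCH 02 (web/run.sh) the existence test `[[ $dbExists != *$MYSQL_DATABASE* ]]` is a substring glob match, so a configured name that is contained in any other database name counts as present and the CREATE is skipped; an exact line match such as `if ! printf '%s\n' "$dbExists" | grep -Fxq -- "$MYSQL_DATABASE"; then` is stricter. The CREATE statement splices the unquoted environment value straight into SQL, so a name with a hyphen or space breaks the statement and any extra text in the variable is sent to the server as SQL; validating the name against `^[A-Za-z0-9_]+$` before use and adding `IF NOT EXISTS` would make the step safe to rerun. The message hard-codes "misp" instead of printing the configured name. The same test and statement remain after the syntax fix in PATCH 03.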
From: stevengoossensB Date: Mon, 10 Feb 2020 19:13:13 +0100 Subject: [PATCH 04/23] SSH settings for Azure Add SSH settings so Azure can SSH into the container --- web/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index 6eb59b1..be814ca 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -186,6 +186,11 @@ RUN chmod 0755 /run.sh && touch /.firstboot.tmp WORKDIR /var/www/MISP RUN tar czpf /root/MISP.tgz . +RUN apk add openssh && echo "root:Docker!" | chpasswd +COPY sshd_config /etc/ssh/ + + VOLUME /var/www/MISP -EXPOSE 80 +EXPOSE 80 2222 + ENTRYPOINT ["/run.sh"] From 554ff2079f355a8e1c075720bdbd3dcbf48466e1 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Mon, 10 Feb 2020 19:13:52 +0100 Subject: [PATCH 05/23] sshd_config --- web/sshd_config | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 web/sshd_config diff --git a/web/sshd_config b/web/sshd_config new file mode 100644 index 0000000..04b53f9 --- /dev/null +++ b/web/sshd_config @@ -0,0 +1,16 @@ +# This is ssh server systemwide configuration file. +# +# /etc/sshd_config + +Port SSH_PORT +ListenAddress 0.0.0.0 +LoginGraceTime 180 +X11Forwarding yes +Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr +MACs hmac-sha1,hmac-sha1-96 +StrictModes yes +SyslogFacility DAEMON +PasswordAuthentication yes +PermitEmptyPasswords no +PermitRootLogin yes +Subsystem sftp internal-sftp From ae4c6b5802b71ab2736a8902902c6251dfee636e Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Mon, 10 Feb 2020 19:29:17 +0100 Subject: [PATCH 06/23] Adding SSH for Ubuntu --- web/Dockerfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/web/Dockerfile b/web/Dockerfile index be814ca..a3f7ac5 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
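Review bot: In PATCH 04 (web/Dockerfile) `echo "root:Docker!" | chpasswd` bakes a fixed, publicly readable root password into an image layer, and together with `EXPOSE 80 2222` and the sshd_config added in PATCH 05 (root login and password authentication enabled, listening on 0.0.0.0) any deployment that publishes port 2222 offers root SSH with a known credential. The commit message says this is for Azure; if that platform requires this exact credential, the SSH setup should be confined to an Azure-only build argument or image, and a comment should state that 2222 must never be mapped elsewhere. `apk add` is the Alpine package manager while the rest of this Dockerfile uses `apt-get`, so this RUN step presumably fails on the Ubuntu base. The same password line is re-added in PATCH 06.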
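Review bot: The `Ciphers` and `MACs` lines in the new web/sshd_config (PATCH 05) restrict the server to legacy algorithms: CBC-mode ciphers including `3des-cbc`, and SHA-1 MACs only, including the truncated `hmac-sha1-96`. Keeping only the CTR entries already listed (`Ciphers aes128-ctr,aes192-ctr,aes256-ctr`) and offering `MACs hmac-sha2-256,hmac-sha2-512` removes the weak options, provided the connecting client supports them (not verifiable from this page). `X11Forwarding yes` serves no purpose in a headless container and could be `X11Forwarding no`. `Port SSH_PORT` is a literal placeholder that nothing in this commit substitutes, so sshd would reject the file until PATCH 09 sets the port; the header comment also names /etc/sshd_config while the Dockerfile copies the file to /etc/ssh/.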
@@ -24,6 +24,11 @@ RUN apt-get install -y libapache2-mod-php php php-dev php-json \ php-mysql php-redis php-xml php-mbstring \ php-gd php-pear php-opcache \ pkg-config libbson-1.0 libmongoc-1.0-0 + +# Add openSSH for Azure +RUN apt-get update && apt-get install -y openssh-server +RUN mkdir /var/run/sshd && echo "root:Docker!" | chpasswd +COPY sshd_config /etc/ssh/ # Fix php.ini with recommended settings RUN sed -i \ @@ -186,8 +191,8 @@ RUN chmod 0755 /run.sh && touch /.firstboot.tmp WORKDIR /var/www/MISP RUN tar czpf /root/MISP.tgz . -RUN apk add openssh && echo "root:Docker!" | chpasswd -COPY sshd_config /etc/ssh/ +echo "root:Docker!" | chpasswd + VOLUME /var/www/MISP From 923b6278ee80704617c9244f14666f700c02ede9 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Mon, 10 Feb 2020 19:53:30 +0100 Subject: [PATCH 07/23] Typo fix --- web/Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/web/Dockerfile b/web/Dockerfile index a3f7ac5..d3b1096 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -191,10 +191,6 @@ RUN chmod 0755 /run.sh && touch /.firstboot.tmp WORKDIR /var/www/MISP RUN tar czpf /root/MISP.tgz . -echo "root:Docker!" | chpasswd - - - VOLUME /var/www/MISP EXPOSE 80 2222 From 2c12d2165e9d62b92bfe7695410c6bf539c8a4d4 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Mon, 10 Feb 2020 21:58:22 +0100 Subject: [PATCH 08/23] Add startup of sshd daemon --- web/run.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/web/run.sh b/web/run.sh index 304dd37..dd03ea6 100755 --- a/web/run.sh +++ b/web/run.sh @@ -10,11 +10,13 @@ set -e +/usr/sbin/sshd + if [ -r /.firstboot.tmp ]; then echo "Container started for the fist time. Setup might time a few minutes. Please wait..." echo "(Details are logged in /tmp/install.log)" export DEBIAN_FRONTEND=noninteractive - + # If the user uses a mount point restore our files if [ ! -d /var/www/MISP/app ]; then echo "Restoring MISP files..." 
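Review bot: In PATCH 08 (web/run.sh) `/usr/sbin/sshd` is started unconditionally on every container start, so the root/password SSH service configured earlier in this series is active even on deployments that do not need it; gating it on an opt-in variable, e.g. `if [ "${ENABLE_SSH:-0}" = 1 ]; then /usr/sbin/sshd; fi`, keeps it off by default (the variable name is a suggestion, not an existing setting). Because openssh-server is installed at image build time, the host keys are presumably generated during the build and shared by every container created from the image; removing them in the Dockerfile and running `ssh-keygen -A` here before sshd would give each container its own keys. With `set -e` just above, a failing sshd start also aborts the whole entrypoint.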
From ec5905489e04f725fcb396bcf1685d11a6c705d1 Mon Sep 17 00:00:00 2001 From: stevengoossensB Date: Mon, 10 Feb 2020 22:33:00 +0100 Subject: [PATCH 09/23] Change SSH port number to 2222 --- web/sshd_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/sshd_config b/web/sshd_config index 04b53f9..dfd41a9 100644 --- a/web/sshd_config +++ b/web/sshd_config @@ -2,7 +2,7 @@ # # /etc/sshd_config -Port SSH_PORT +Port 2222 ListenAddress 0.0.0.0 LoginGraceTime 180 X11Forwarding yes From 05cb030a261403a588249389c6395cba4a7df8ba Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Mon, 1 Jun 2020 22:05:32 +0200 Subject: [PATCH 10/23] Update so reboot pulls the newest code Added a git pull in case it's not a first boot. --- web/run.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/web/run.sh b/web/run.sh index dd03ea6..c0b9246 100755 --- a/web/run.sh +++ b/web/run.sh @@ -144,6 +144,9 @@ __WELCOME__ rm -f /.firstboot.tmp fi +else + git pull /var/www/MISP + # Make MISP live - this isn't ideal, as it means taking an instance # non-live will make it live again if the container restarts. That seems # better than the default which is that MISP is non-live on container restart. From c88358e9bfd5db43dc7722e7e78615c51da1aa9d Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Mon, 1 Jun 2020 22:14:42 +0200 Subject: [PATCH 11/23] Change docker image used --- docker-compose-nginx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose-nginx.yml b/docker-compose-nginx.yml index ddc8394..8535633 100644 --- a/docker-compose-nginx.yml +++ b/docker-compose-nginx.yml @@ -14,7 +14,7 @@ services: web: build: web container_name: misp_web - image: misp:latest + image: stevengoossens/misp:latest restart: unless-stopped volumes: - /dev/urandom:/dev/random From f90a3c493c5d94f97deb698a31db88adc0791cc3 Mon Sep 17 00:00:00 2001 
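Review bot: In PATCH 10 (web/run.sh) `git pull /var/www/MISP` passes the path as the repository to pull from, not the directory to update, so it acts on whatever the current working directory is; the intended form is presumably `git -C /var/www/MISP pull`. Beyond that, pulling the branch tip on every restart means the entrypoint, running as root, deploys unpinned upstream code with no tag or signature verification, and under `set -e` a network failure stops the container from starting; updating by rebuilding the image at a pinned tag is easier to audit. As written the `else` follows the closing `fi`, which is a syntax error until PATCH 12 moves the `fi`; the `git pull` line itself is unchanged in PATCH 12 and PATCH 22.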
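Review bot: In PATCH 11 (docker-compose-nginx.yml) `image: stevengoossens/misp:latest` points the service at a mutable tag in a personal registry namespace, so a later pull can silently replace the running code with whatever has been pushed there. Pinning by digest, `image: stevengoossens/misp@sha256:<digest-placeholder>`, or by a version tag makes the deployed image reproducible and auditable. `build: web` is still present in the context lines, so a local build will also be tagged with this registry name.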
From: Steven Goossens Date: Sun, 5 Jul 2020 23:14:41 +0200 Subject: [PATCH 12/23] Update run.sh Do a git pull when it's not the first boot, to ensure we're working on the latest version --- web/run.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/web/run.sh b/web/run.sh index c0b9246..963e485 100755 --- a/web/run.sh +++ b/web/run.sh @@ -6,14 +6,14 @@ # 2017/05/17 - Created # 2017/05/31 - Fixed small errors # 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal) -# +# 2020/07/05 - Update MISP when it's not the first start set -e /usr/sbin/sshd if [ -r /.firstboot.tmp ]; then - echo "Container started for the fist time. Setup might time a few minutes. Please wait..." + echo "Container started for the first time. Setup might time a few minutes. Please wait..." echo "(Details are logged in /tmp/install.log)" export DEBIAN_FRONTEND=noninteractive @@ -142,10 +142,9 @@ Don't forget: __WELCOME__ rm -f /.firstboot.tmp -fi - else git pull /var/www/MISP +fi # Make MISP live - this isn't ideal, as it means taking an instance # non-live will make it live again if the container restarts. That seems From a2e4834db12995e521ced774bf595a64c053f7d9 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Sun, 5 Jul 2020 23:39:53 +0200 Subject: [PATCH 13/23] Bump ubuntu version to focal --- web/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/web/Dockerfile b/web/Dockerfile index d3b1096..0d3b7a0 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,6 +1,5 @@ -FROM ubuntu:bionic - +FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive From 48d8c9d8f02079f7e665fc7d8a8026c77102b3fd Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Sun, 5 Jul 2020 23:57:35 +0200 Subject: [PATCH 14/23] Update dockerfile to just run the install script --- web/Dockerfile | 189 +------------------------------------------------ 1 file changed, 3 insertions(+), 186 deletions(-) 
diff --git a/web/Dockerfile b/web/Dockerfile index 0d3b7a0..c51766d 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
@@ -3,192 +3,9 @@ FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update && \ - apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean && \ - apt-get install -y software-properties-common && \ - apt-get install -y postfix && \ - apt-get install -y mysql-client curl gcc git gnupg-agent \ - make python openssl redis-server sudo vim zip locales - -RUN locale-gen en_US.UTF-8 -ENV LANG en_US.UTF-8 - -# Apache -RUN apt-get install -y apache2 apache2-doc apache2-utils && \ - a2dismod status && \ - a2dissite 000-default - -# PHP 7.2 and install MySQL PDO extension -RUN apt-get install -y libapache2-mod-php php php-dev php-json \ - php-mysql php-redis php-xml php-mbstring \ - php-gd php-pear php-opcache \ - pkg-config libbson-1.0 libmongoc-1.0-0 - -# Add openSSH for Azure -RUN apt-get update && apt-get install -y openssh-server -RUN mkdir /var/run/sshd && echo "root:Docker!" | chpasswd -COPY sshd_config /etc/ssh/ - -# Fix php.ini with recommended settings -RUN sed -i \ - -e "s/max_execution_time = 30/max_execution_time = 300/" \ - -e "s/memory_limit = 128M/memory_limit = 2048M/" \ - -e "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" \ - -e "s/post_max_size = 8M/post_max_size = 50M/" \ - /etc/php/7.2/apache2/php.ini - -RUN apt-get install -y python3-dev python3-pip python3-setuptools \ - python3-lxml libjpeg-dev \ - libxml2-dev libxslt1-dev zlib1g-dev libfuzzy-dev && \ - apt-get install -y cron logrotate supervisor syslog-ng-core && \ - apt-get clean - -WORKDIR /var/www -RUN chown www-data:www-data /var/www -USER www-data -RUN git clone https://github.com/MISP/MISP.git -WORKDIR /var/www/MISP -RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) && \ - git config core.filemode false && \ - git submodule update --init --recursive && \ - git submodule foreach --recursive git config core.filemode false - -USER root -RUN pip3 install git+https://github.com/STIXProject/python-stix.git \ - 
git+https://github.com/CybOXProject/python-cybox.git \ - git+https://github.com/CybOXProject/mixbox.git \ - git+https://github.com/MAECProject/python-maec.git \ - /var/www/MISP/cti-python-stix2 \ - plyara - -USER www-data -WORKDIR /var/www/MISP -RUN git submodule init && git submodule update -WORKDIR /var/www/MISP/app - -# FIX COMPOSER -RUN curl --fail --location -o composer-setup.php https://getcomposer.org/installer && \ - EXPECTED_SIGNATURE="$(curl https://composer.github.io/installer.sig)"; php -r "if (hash_file('sha384', 'composer-setup.php') == '$(echo $EXPECTED_SIGNATURE)' ) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \ - php composer-setup.php && \ - php -r "unlink('composer-setup.php');" -# END FIX - -RUN php composer.phar update && \ - php composer.phar config vendor-dir Vendor && \ - php composer.phar install --ignore-platform-reqs -USER root -RUN phpenmod redis -USER www-data -RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php - -# Fix permissions -USER root -RUN chown -R www-data:www-data /var/www/MISP && \ - chmod -R 750 /var/www/MISP && \ - chmod -R g+ws /var/www/MISP/app/tmp && \ - chmod -R g+ws /var/www/MISP/app/files && \ - chmod -R g+ws /var/www/MISP/app/files/scripts/tmp && \ - chmod +x /var/www/MISP/app/Console/cake - -RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp - -# Preconfigure setting for packages -RUN echo "postfix postfix/main_mailer_type string Local only" \ - | debconf-set-selections && \ - echo "postfix postfix/mailname string localhost.localdomain" | \ - debconf-set-selections - -# Redis Setup -RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf -RUN sed -i 's/^\(bind\s*\)127.0.0.1 ::1\s*$/\1127.0.0.1/g' /etc/redis/redis.conf - -# Add a healthcheck endpoint -COPY healthcheck.patch healthcheck.patch -RUN patch /var/www/MISP/INSTALL/apache.misp.ubuntu < healthcheck.patch - -# 
Apache Setup -RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf && \ - a2dissite 000-default && \ - a2ensite misp && \ - a2enmod rewrite && \ - a2enmod headers - -# MISP base configuration -RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php && \ - sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php && \ - sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php && \ - sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php && \ - chown -R www-data:www-data /var/www/MISP/app/Config && \ - chmod -R 750 /var/www/MISP/app/Config - -# Replace the default salt -RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php - -# Enable workers at boot time -RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh && \ - echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local - -# Install templates & stuff -WORKDIR /var/www/MISP/app/files -RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git && \ - rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git && \ - rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists && \ - rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies && \ - chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies - -# Install MISP build requirements -RUN sudo -E apt-get -y install libpoppler73 libpoppler-dev libpoppler-cpp-dev - -# Install MISP Modules -WORKDIR /opt -RUN git clone https://github.com/MISP/misp-modules.git -RUN cd misp-modules && \ - pip3 install -I -r REQUIREMENTS && \ - pip3 install -I . 
&& \ - echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local - -# Supervisord Setup -RUN ( \ - echo '[supervisord]'; \ - echo 'nodaemon = true'; \ - echo ''; \ - echo '[program:postfix]'; \ - echo 'process_name = master'; \ - echo 'directory = /etc/postfix'; \ - echo 'command = /usr/sbin/postfix -c /etc/postfix start'; \ - echo 'startsecs = 0'; \ - echo 'autorestart = false'; \ - echo ''; \ - echo '[program:redis-server]'; \ - echo 'command=redis-server /etc/redis/redis.conf'; \ - echo ''; \ - echo '[program:apache2]'; \ - echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"'; \ - echo ''; \ - echo '[program:resque]'; \ - echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh'; \ - echo 'user = www-data'; \ - echo 'startsecs = 0'; \ - echo 'autorestart = false'; \ - echo ''; \ - echo '[program:misp-modules]'; \ - echo 'command=/bin/bash -c "misp-modules -s -l 127.0.0.1"'; \ - echo 'user = www-data'; \ - echo 'startsecs = 0'; \ - echo 'autorestart = false'; \ -) >> /etc/supervisor/conf.d/supervisord.conf - -# Modify syslog configuration -RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf - -# Add run script -# Trigger to perform first boot operations -ADD run.sh /run.sh -RUN chmod 0755 /run.sh && touch /.firstboot.tmp - -# Make a backup of /var/www/MISP to restore it to the local moint point at first boot -WORKDIR /var/www/MISP -RUN tar czpf /root/MISP.tgz . +# This will install MISP Core +RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh +RUN bash /tmp/INSTALL.sh -c VOLUME /var/www/MISP EXPOSE 80 2222 From a046ceeb3983ffe4b091575cc63db344e0862cf8 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Mon, 6 Jul 2020 00:21:31 +0200 Subject: [PATCH 15/23] Install wget to get the download script :) --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
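Review bot: The new `RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh` followed by `RUN bash /tmp/INSTALL.sh -c` (PATCH 14, web/Dockerfile) downloads a script from a moving branch and executes it as root with no integrity check, so the image content depends on whatever that URL serves at build time. Fetching from a pinned commit and verifying a recorded SHA-256 before execution, as sketched below with placeholders, makes the build reproducible and fails closed on a mismatch. The hunk also deletes `ADD run.sh /run.sh` and the openssh and supervisor setup while `ENTRYPOINT ["/run.sh"]` and `EXPOSE 80 2222` remain, so unless the installer provides them the container has no entrypoint script and advertises a port with no listener. `wget` is not installed at this point in the series (it is added in PATCH 15).

```dockerfile
# This will install MISP Core
# Placeholders: set to the reviewed commit and the SHA-256 of INSTALL.sh at that commit.
ARG MISP_INSTALL_REF=<pinned-commit-sha>
ARG MISP_INSTALL_SHA256=<expected-sha256>
RUN wget -O /tmp/INSTALL.sh \
      "https://raw.githubusercontent.com/MISP/MISP/${MISP_INSTALL_REF}/INSTALL/INSTALL.sh" && \
    echo "${MISP_INSTALL_SHA256}  /tmp/INSTALL.sh" | sha256sum -c -
RUN bash /tmp/INSTALL.sh -c
```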
diff --git a/web/Dockerfile b/web/Dockerfile index c51766d..bdbd182 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive - +RUN apt-get install wget # This will install MISP Core RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN bash /tmp/INSTALL.sh -c From d5675b34aa9eb8292270e70a899275b72b3789a9 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Mon, 6 Jul 2020 09:04:12 +0200 Subject: [PATCH 16/23] Add apt update --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index bdbd182..1329ccc 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive -RUN apt-get install wget +RUN apt update && apt install wget # This will install MISP Core RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN bash /tmp/INSTALL.sh -c From 210cf33c57ef3cc6bec5799e03dec58ce51e0530 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Mon, 6 Jul 2020 09:11:59 +0200 Subject: [PATCH 17/23] Added -y to apt commands --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index 1329ccc..2e5a672 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive -RUN apt update && apt install wget +RUN apt update -y && apt install wget -y # This will install MISP Core RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN bash /tmp/INSTALL.sh -c From 4a7eb543bc61e7d58b2bf9906c1c9a1a3dd7a8f2 Mon Sep 17 00:00:00 2001 
From: Steven Goossens Date: Tue, 7 Jul 2020 09:41:48 +0200 Subject: [PATCH 18/23] Remove output redirects from install script --- web/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/Dockerfile b/web/Dockerfile index 2e5a672..dea0dba 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -5,6 +5,8 @@ ENV DEBIAN_FRONTEND noninteractive RUN apt update -y && apt install wget -y # This will install MISP Core RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh +RUN sed -i 's/> \/dev\/tty//' /tmp/INSTALL.sh +RUN sed -i 's/> \/dev\/null//' /tmp/INSTALL.sh RUN bash /tmp/INSTALL.sh -c VOLUME /var/www/MISP From 932a164ddf7df272eb1640640b10813783e850a9 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Tue, 7 Jul 2020 15:37:45 +0200 Subject: [PATCH 19/23] Apt install sudo --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index dea0dba..5c7bea1 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:focal # Install core components ENV DEBIAN_FRONTEND noninteractive -RUN apt update -y && apt install wget -y +RUN apt update -y && apt install wget sudo -y # This will install MISP Core RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN sed -i 's/> \/dev\/tty//' /tmp/INSTALL.sh From 352ed8db01958eef9bacc8c5cd4ef2d85cf0df25 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Tue, 7 Jul 2020 15:57:07 +0200 Subject: [PATCH 20/23] Remove check installer --- web/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/web/Dockerfile b/web/Dockerfile index 5c7bea1..560c626 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
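Review bot: The two added `sed -i` lines in PATCH 18 (web/Dockerfile) rewrite the downloaded installer with a substitution that is not anchored to the whole redirect operator, so a line containing `2> /dev/null` would become a command with a stray `2` argument and `&> /dev/null` would become `&`, backgrounding the command; whether INSTALL.sh contains those forms is not visible here, so the patched script should be diffed against the original. Each expression also lacks the `g` flag and removes only the first match per line. Un-silencing the installer may print generated credentials into the build log, which is worth checking before the log is shared. Any checksum verification of INSTALL.sh has to run before these edits, since they change the file's hash.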
@@ -7,6 +7,7 @@ RUN apt update -y && apt install wget sudo -y RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN sed -i 's/> \/dev\/tty//' /tmp/INSTALL.sh RUN sed -i 's/> \/dev\/null//' /tmp/INSTALL.sh +RUN sed -i 's/checkInstaller/#checkInstaller/' /tmp/INSTALL.sh RUN bash /tmp/INSTALL.sh -c VOLUME /var/www/MISP From 14d6209040d95dec422e202fdfe0c4921bcfb92b Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Wed, 8 Jul 2020 11:17:05 +0200 Subject: [PATCH 21/23] Make sure to only replace the right checkInstaller --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index 560c626..c9f328e 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -7,7 +7,7 @@ RUN apt update -y && apt install wget sudo -y RUN wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh RUN sed -i 's/> \/dev\/tty//' /tmp/INSTALL.sh RUN sed -i 's/> \/dev\/null//' /tmp/INSTALL.sh -RUN sed -i 's/checkInstaller/#checkInstaller/' /tmp/INSTALL.sh +RUN sed -i 's/checkInstaller$/#checkInstaller/' /tmp/INSTALL.sh RUN bash /tmp/INSTALL.sh -c VOLUME /var/www/MISP From d7215e65e34c9f0cb91ae93a627d4cb441c690e0 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Wed, 8 Jul 2020 11:35:53 +0200 Subject: [PATCH 22/23] Update run.sh to work with all-in-one MISP --- web/run.sh | 152 ++--------------------------------------------------- 1 file changed, 4 insertions(+), 148 deletions(-) diff --git a/web/run.sh b/web/run.sh index 963e485..bc91506 100755 --- a/web/run.sh +++ b/web/run.sh 
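Review bot: In PATCH 20 (web/Dockerfile) `sed -i 's/checkInstaller/#checkInstaller/'` comments out what appears, from its name and the commit subject, to be the installer's own integrity check, so the script fetched over the network is then executed as root with no verification at all. The check presumably fails only because the preceding `sed` lines modify the file; verifying the untouched download first (for example with `sha256sum -c` against a recorded hash) and only then applying the local edits keeps an integrity guarantee. The unanchored pattern also hits every occurrence of the name, including any function definition; PATCH 21 narrows it to `checkInstaller$` but still disables the check.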
@@ -1,160 +1,16 @@ #!/bin/bash # # MISP docker startup script -# Xavier Mertens -# -# 2017/05/17 - Created -# 2017/05/31 - Fixed small errors -# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal) -# 2020/07/05 - Update MISP when it's not the first start +# Steven Goossens - steven@teamg.be set -e +git pull /var/www/MISP -/usr/sbin/sshd - -if [ -r /.firstboot.tmp ]; then - echo "Container started for the first time. Setup might time a few minutes. Please wait..." - echo "(Details are logged in /tmp/install.log)" - export DEBIAN_FRONTEND=noninteractive - - # If the user uses a mount point restore our files - if [ ! -d /var/www/MISP/app ]; then - echo "Restoring MISP files..." - cd /var/www/MISP - tar xzpf /root/MISP.tgz - rm /root/MISP.tgz - fi - - echo "Configuring postfix" - if [ -z "$POSTFIX_RELAY_HOST" ]; then - echo "POSTFIX_RELAY_HOST is not set, please configure Postfix manually later..." - else - postconf -e "relayhost = $POSTFIX_RELAY" - fi - - # Fix timezone (adapt to your local zone) - if [ -z "$TIMEZONE" ]; then - echo "TIMEZONE is not set, please configure the local time zone manually later..." - else - echo "$TIMEZONE" > /etc/timezone - dpkg-reconfigure -f noninteractive tzdata >>/tmp/install.log - fi - - echo "Creating MySQL database" - - # Check MYSQL_HOST - if [ -z "$MYSQL_HOST" ]; then - echo "MYSQL_HOST is not set. Aborting." - exit 1 - fi - - # Waiting for DB to be ready - while ! mysqladmin ping -h"$MYSQL_HOST" --silent; do - sleep 5 - echo "Waiting for database to be ready..." - done - - # Set MYSQL_PASSWORD - if [ -z "$MYSQL_PASSWORD" ]; then - echo "MYSQL_PASSWORD is not set, use default value 'misp'" - MYSQL_PASSWORD=misp - else - echo "MYSQL_PASSWORD is set to '$MYSQL_PASSWORD'" - fi - - dbExists=`echo 'SHOW DATABASES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306` - if [[ $dbExists != *$MYSQL_DATABASE* ]]; then - echo "Database misp doesn't exist, creating database ..." 
- echo 'CREATE DATABASE '$MYSQL_DATABASE';' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 - fi - ret=`echo 'SHOW TABLES;' | mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" -h $MYSQL_HOST -P 3306 $MYSQL_DATABASE # 2>&1` - if [ $? -eq 0 ]; then - echo "Connected to database successfully!" - found=0 - for table in $ret; do - if [ "$table" == "attributes" ]; then - found=1 - fi - done - if [ $found -eq 1 ]; then - echo "Database misp available" - else - echo "Database misp empty, creating tables ..." - ret=`mysql -u $MYSQL_USER --password="$MYSQL_PASSWORD" $MYSQL_DATABASE -h $MYSQL_HOST -P 3306 2>&1 < /var/www/MISP/INSTALL/MYSQL.sql` - if [ $? -eq 0 ]; then - echo "Imported /var/www/MISP/INSTALL/MYSQL.sql successfully" - else - echo "ERROR: Importing /var/www/MISP/INSTALL/MYSQL.sql failed:" - echo $ret - fi - fi - else - echo "ERROR: Connecting to database failed:" - echo $ret - fi - - # MISP configuration - echo "Creating MISP configuration files" - cd /var/www/MISP/app/Config - cp -a database.default.php database.php - sed -i "s/localhost/$MYSQL_HOST/" database.php - sed -i "s/db\s*login/$MYSQL_USER/" database.php - sed -i "s/8889/3306/" database.php - sed -i "s/db\s*password/$MYSQL_PASSWORD/" database.php - - # Fix the base url - if [ -z "$MISP_BASEURL" ]; then - echo "No base URL defined, don't forget to define it manually!" - else - echo "Fixing the MISP base URL ($MISP_BASEURL) ..." - sed -i "s/'baseurl' => '',/'baseurl' => '$MISP_BASEURL',/" /var/www/MISP/app/Config/config.php - fi - - # Generate the admin user PGP key - echo "Creating admin GnuPG key" - if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then - echo "No admin details provided, don't forget to generate the PGP key manually!" - else - echo "Generating admin PGP key ... 
(please be patient, we need some entropy)" - cat >/tmp/gpg.tmp <>/tmp/install.log - rm -f /tmp/gpg.tmp - sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_ADMIN_EMAIL > /var/www/MISP/app/webroot/gpg.asc - fi - - # Display tips - cat <<__WELCOME__ -Congratulations! -Your MISP docker has been successfully booted for the first time. -Don't forget: -- Reconfigure postfix to match your environment -- Change the MISP admin email address to $MISP_ADMIN_EMAIL - -__WELCOME__ - rm -f /.firstboot.tmp -else - git pull /var/www/MISP -fi - -# Make MISP live - this isn't ideal, as it means taking an instance -# non-live will make it live again if the container restarts. That seems -# better than the default which is that MISP is non-live on container restart. -# Ideally live/non-live would be persisted in the database. +# Make MISP live /var/www/MISP/app/Console/cake live 1 chown www-data:www-data /var/www/MISP/app/Config/config.php* # Start supervisord echo "Starting supervisord" cd / -exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf - +exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf From 8757f061e22ae7e61b13217add8717eb99db1ca4 Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Wed, 8 Jul 2020 11:37:23 +0200 Subject: [PATCH 23/23] Expose port 443 --- web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/Dockerfile b/web/Dockerfile index c9f328e..d1e48b1 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -11,6 +11,6 @@ RUN sed -i 's/checkInstaller$/#checkInstaller/' /tmp/INSTALL.sh RUN bash /tmp/INSTALL.sh -c VOLUME /var/www/MISP -EXPOSE 80 2222 +EXPOSE 80 443 ENTRYPOINT ["/run.sh"]
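Review bot: In the rewritten web/run.sh (PATCH 22), `/var/www/MISP/app/Console/cake live 1` runs as root because the entrypoint never drops privileges, which is why the `chown` on `config.php*` is needed afterwards; `sudo -u www-data /var/www/MISP/app/Console/cake live 1` would keep files under app/ owned by the web user (sudo is installed by the Dockerfile in this series). The script still execs supervisord with `/etc/supervisor/conf.d/supervisord.conf`, a file the Dockerfile stopped generating in PATCH 14, so startup depends on the installer providing it, which is not visible here. The removed first-boot block was also the only consumer of the `MYSQL_*`, `MISP_BASEURL` and `POSTFIX_RELAY_HOST` variables, so a short header comment stating that they are now ignored would save operators from assuming they still apply.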