MISP Docker (XME edition)

Latest commit: Jason Kendall 5153a2d8a2, "Merge pull request #143 from Kagee/patch-3: misp-modules v2.4.150 requires python 3.8 or a downgrade of sigmatools", 2021-10-19 14:58:13 -04:00

  • .github: Create FUNDING.yml (2021-08-09 09:52:48 -04:00)
  • examples: Add custom entrypoint closes #15 (2020-03-06 11:00:35 -05:00)
  • modules: sigmatools downgrade: Add comment so we remember to upgrade (2021-10-19 20:56:24 +02:00)
  • server: Merge pull request #141 from Kagee/patch-1 (2021-10-19 14:47:07 -04:00)
  • server-configs: Use distributed configs for defaults (2020-02-27 18:10:39 -05:00)
  • .env: Bump version 147 (2021-08-09 09:48:48 -04:00)
  • .gitignore: Cleanup gitignore (2020-02-27 18:39:54 -05:00)
  • .travis.yml: Add missing sudo (2021-04-20 09:21:21 +02:00)
  • LICENSE: Create LICENSE (2020-01-29 10:29:24 -05:00)
  • README.md: Added reference to ca.pem (2021-04-07 16:46:59 +02:00)
  • build-docker-compose.yml: Split docker-compose and build-docker-compose (2020-02-27 19:50:42 -05:00)
  • docker-compose.yml: Allow defining the number of parallel workers (2021-04-20 09:13:09 +02:00)

README.md

CoolAcid's MISP Docker images

A (nearly) production-ready Dockerized MISP

This is based on some of the work from the DSCO docker build; nearly all of the details have been rewritten.

  • Components are split out where possible; currently this is only the MISP modules
  • Overwritable configuration files
  • Allows volumes for the file store
  • A cron job runs updates, pushes, and pulls; its logs go to docker logs
  • docker-compose uses off-the-shelf images for Redis and MySQL
  • Images come directly from Docker Hub, no build required
  • Slimmed-down images: build stages and a slim parent image keep unnecessary files out of the final images

Docker Tags

Docker Hub builds the images automatically from git tags. I try to tag using the following scheme:

v[MISP Version][Our build version]

  • MISP version is the MISP tag we're building
  • Our build version is the iteration for our changes with the same MISP version
  • Core and modules are split into [core]-version and [modules]-version respectively

Getting Started

Development/Test

  • Grab the docker-compose.yml and server-configs/email.php files (keep the directory structure)

  • A dry run will create sane default configurations

  • docker-compose up

  • Log in to https://localhost

    • User: admin@admin.test
    • Password: admin
    • These default credentials are public; change the password on first login and do not expose an instance that still uses them
  • Profit

Using the image for development

Pull the entire repository; you can then build the images with docker-compose -f docker-compose.yml -f build-docker-compose.yml build

Once the container is up you can get a root shell inside it with docker-compose exec misp /bin/bash. From there you can run apt update and install any tools you wish to use. Finally, copy any changes you make out of the container so you can commit them to your branch. git diff -- [dir with changes] can be used to limit a patch file to the directories you changed; be careful with the git diff command, though, since the container's tree also contains generated files.

Updating

Updating the images should be as simple as docker-compose pull, which, unless the image tags were changed in the docker-compose.yml file, pulls the latest built images.

Production

  • It is recommended to pin the build you want to run, and to change that version number deliberately when you want to upgrade rather than tracking the latest images

  • Use docker-compose, or some other config management tool

  • Directory volume mount for SSL certs: ./ssl:/etc/ssl/certs

    • Certificate File: cert.pem
    • Certificate Key File: key.pem
    • CA File for Cert Authentication (optional): ca.pem
  • Directory volume mount for the configs (create them there): /var/www/MISP/app/Config/

  • Additional directory volume mounts:

    • /var/www/MISP/app/files
    • /var/www/MISP/.gnupg
    • /var/www/MISP/.smime
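The production list above, as an added example that is not part of the misp-docker project: a POSIX shell pre-flight script that checks the ./ssl directory for the exact file names the mount expects (and refuses a private key readable by group or others), then writes a docker-compose.override.yml that pins the core image tag and adds the bind mounts. docker-compose merges an override file with docker-compose.yml automatically. Assumptions not stated on the page: the compose service is named misp (the README's exec command uses that name), the Docker Hub image is coolacid/misp-docker, core-v2.4.147 is a plausible tag (check the real tag list before pinning), and the host directories ./config, ./files, ./gnupg and ./smime are the script's own choice.

```shell
#!/bin/sh
# Added example (not the project's own code): pre-flight checks for the
# production mounts, plus a generated docker-compose.override.yml.
# ASSUMED: service name "misp", image "coolacid/misp-docker", tag "core-<TAG>".

# check_ssl_dir DIR: the mount ./ssl:/etc/ssl/certs only works when the files
# are named exactly cert.pem and key.pem (ca.pem is optional). Also refuse a
# private key that is group- or world-readable. Returns 0 when all is in order.
check_ssl_dir() {
    dir=$1
    ok=0
    for f in cert.pem key.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f" >&2
            ok=1
        fi
    done
    if [ -f "$dir/key.pem" ]; then
        # Portable permission check: columns 5 and 8 of "ls -l" are the
        # group and other read bits.
        perm=$(ls -ld "$dir/key.pem" | cut -c1-10)
        case "$perm" in
            ????r*|???????r*)
                echo "$dir/key.pem is readable by group or others ($perm); chmod 600 it" >&2
                ok=1 ;;
        esac
    fi
    return $ok
}

# write_override TAG: print a docker-compose.override.yml that pins the core
# image to core-TAG and adds the bind mounts from the Production list.
write_override() {
    tag=$1
    cat <<EOF
version: "3"   # keep equal to the version key in docker-compose.yml
services:
  misp:
    # Pinned build (assumed image name/tag format); bump this line to
    # upgrade instead of pulling whatever is latest.
    image: coolacid/misp-docker:core-${tag}
    volumes:
      - ./ssl:/etc/ssl/certs               # cert.pem, key.pem, optional ca.pem
      - ./config:/var/www/MISP/app/Config  # create your configs here
      - ./files:/var/www/MISP/app/files
      - ./gnupg:/var/www/MISP/.gnupg
      - ./smime:/var/www/MISP/.smime
EOF
}

# main [SSL_DIR] [TAG]: run the checks and write the override file next to
# docker-compose.yml. Only runs when executed as misp-preflight.sh, so the
# functions can also be sourced from another script.
main() {
    ssl_dir=${1:-./ssl}
    tag=${2:-v2.4.147}
    check_ssl_dir "$ssl_dir" || exit 1
    write_override "$tag" > docker-compose.override.yml
    echo "wrote docker-compose.override.yml pinned to core-$tag"
}

case "${0##*/}" in
    misp-preflight.sh) main "$@" ;;
esac
```

Save it as misp-preflight.sh beside docker-compose.yml, run sh misp-preflight.sh ./ssl v2.4.147, then docker-compose up -d; the override file is the single place to edit when you upgrade.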

Building

If you are interested in building the project from scratch, git clone or download the entire repo and run docker-compose -f build-docker-compose.yml build

Image file sizes

  • Core server (Saved: 2.5GB)

    • Original Image: 3.17GB
    • First attempt: 2.24GB
    • Remove chown: 1.56GB
    • PreBuild python modules, and only pull submodules we need: 800MB
    • PreBuild PHP modules: 664MB
  • Modules (Saved: 640MB)

    • Original: 1.36GB
    • Pre-build modules: 750MB