misp-docker/server/Dockerfile

FROM debian:buster-slim
ENV DEBIAN_FRONTEND noninteractive
ARG VERSION=2.4.118

# Based on DCSO Dockererized MISP
    RUN apt-get update; apt-get install -y --no-install-recommends \
        sudo \
        apache2 \
        supervisor \
        git make \
        gcc \
        zip unzip \
        openssl \
        gpg-agent \
        python3 \
        python3-setuptools \
        python3-dev \
        python3-pip \
        ssdeep \
        php \
        php-xml \
        php-mbstring \
        php-mysql \
        php-pear \
        php-dev \
        php-redis \
        php-gd \
        libfuzzy-dev \
        mariadb-client \
        && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

# MISP code
    ARG MISP_TAG=${VERSION}
    ENV MISP_TAG=${MISP_TAG}
    # Download MISP using git in the /var/www/ directory.
    # Attention: we replaced the fixed tag with a variable
    WORKDIR /var/www
    RUN git clone --branch v${MISP_TAG} --depth 1 https://github.com/MISP/MISP.git /var/www/MISP
    WORKDIR /var/www/MISP
    RUN chown www-data:www-data /var/www/MISP; \
    # Make git ignore filesystem permission differences
    git config core.filemode false; \
    # CakePHP and a lot of other things is included as a submodule of MISP, execute the following commands to let git fetch it:
    git submodule update --init --recursive; \
    # Make git ignore filesystem permission differences for submodules
    git submodule foreach --recursive git config core.filemode false

# Python Modules
    # install Mitre's STIX and its dependencies by running the following commands:
    # install mixbox to accomodate the new STIX dependencies:
    WORKDIR /var/www/MISP/app/files/scripts
    RUN git clone https://github.com/CybOXProject/mixbox.git; \
        cd mixbox; python3 setup.py install

    # install python-maec
    RUN git clone https://github.com/MAECProject/python-maec.git; \
        cd python-maec; python3 setup.py install

    # install python-cybox
    RUN git clone https://github.com/CybOXProject/python-cybox.git; \
        cd python-cybox; python3 setup.py install

    # install python stix
    RUN git clone https://github.com/STIXProject/python-stix.git; \
        cd python-stix; python3 setup.py install

    # install STIX2.0 library to support STIX 2.0 export:
    WORKDIR /var/www/MISP/cti-python-stix2
    RUN python3 setup.py install

    # install PyMISP
    WORKDIR /var/www/MISP/PyMISP
    RUN python3 setup.py install

    RUN pip3 install --no-cache-dir plyara pyzmq redis maec python-magic lief https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip git+https://github.com/kbandla/pydeep.git

# CakePHP
    # Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
    COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
    WORKDIR /var/www/MISP/app
    RUN  composer require kamisama/cake-resque:4.1.2 \
        ;composer config vendor-dir Vendor \
        ;composer install \
    # Enable CakeResque with php-redis
        ;phpenmod redis \
    # Enable CakeResque with php-gnupgp
        ;phpenmod gnupg \
    #installing ssdeep_php - pecl is dumb, we need to ensure the libs are in the specific place
        ;cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib; pecl install ssdeep; phpenmod ssdeep \
    # To use the scheduler worker for scheduled tasks, do the following:
        ;cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php

# Set the permissions
    # Check if the permissions are set correctly using the following commands:
    RUN chown -R www-data:www-data /var/www/MISP \
        ;chmod -R 750 /var/www/MISP \
        ;chmod -R g+ws /var/www/MISP/app/tmp \ 
        ;chmod -R g+ws /var/www/MISP/app/files \
        ;chmod -R g+ws /var/www/MISP/app/files/scripts/tmp

# Configure Apache
    # add HTTP MISP Config
    RUN rm /etc/apache2/sites-enabled/*;
    COPY files/etc/apache2/sites-enabled/misp.conf /etc/apache2/sites-enabled/
    COPY files/etc/apache2/sites-enabled/misp-ssl.conf /etc/apache2/sites-enabled/
    COPY files/etc/apache2/ports.conf /etc/apache2/ports.conf
    RUN set -eu \
        ;chmod 640 /etc/apache2/ports.conf \
        ;chown root.root /etc/apache2/ports.conf \
        ;chmod 640 /etc/apache2/sites-available/* \
        ;chown root.root /etc/apache2/sites-available/* \
    # Configure Apache
        ;a2dismod status \
        ;a2enmod ssl \
        ;a2enmod rewrite \
        ;a2enmod headers

# MISP Update and MISP Cron
    COPY --chown=www-data:www-data files/usr/local/bin/misp_update.sh /usr/local/bin/
    COPY --chown=www-data:www-data files/usr/local/bin/misp_cron.sh /usr/local/bin/

# Make a copy of the file store, so we can sync from it
    RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist

# Entrypoints
    COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/supervisord.conf
    COPY files/entrypoint_apache.sh /
    COPY files/entrypoint_cron.sh /
    COPY files/entrypoint_workers.sh /
    COPY files/entrypoint.sh /
    ENTRYPOINT [ "/entrypoint.sh" ]

# Change Workdirectory
WORKDIR /var/www/MISP