The easiest way to deploy the latest version of MISP, leveraging the power of containers!
This setup is made of 12 services built on 6 images as follows. For the moment, the images are not on Docker Hub or in any public registry, so you'll have to build them yourself.
This image embeds the MISP source code and configuration files and serves them through php-fpm. The container is built in a multi-stage fashion starting from an Alpine container. The first stage fetches the MISP source code from the MISP Project's GitHub repository, the second stage prepares the Python virtualenv with all of MISP's dependencies, and the third and last stage puts everything together with PHP and installs the PHP dependencies.
The versions of the software installed are:
- Alpine Linux container 3.10
- Python 3.7
- PHP 7.4
- Ssdeep 2.13
- Composer 1.10
Some tuning settings for PHP are applied according to MISP's requirements.
I also patched CakeResque to keep it running in the foreground, which makes it compliant with Docker's logging approach. This allows me to give each worker process its own container and to scale workers through the container engine. Since this breaks MISP's native worker management functionality, in the docker-compose file I decided to share the PID namespace between the workers and the MISP services. Of course, MISP's worker management is definitely broken with Docker Swarm.
Patch is available here
I added two plugins for CakePHP and MISP that allow me to:
- Edit configuration scripts in a consistent way through CLI and scripts using MISP's own functions;
- Verify the readiness of the database service in order to perform some healthchecks while raising the containers up.
This image is used by the following services:
- misp
- worker_default
- worker_email
- worker_prio
- worker_update
- worker_cache
- worker_scheduler
Last but not least, the provided docker-compose file also specifies the volumes needed to guarantee persistence.
This image contains all of MISP's enrichment modules and their dependencies.
This image is used by the following services:
- misp-modules
This image is a plain MariaDB database image that, on first startup, is initialized with MISP's database schema, grabbed from the misp image through a multi-stage approach.
The provided docker-compose file also specifies the volumes needed to guarantee persistence.
This image is used by the following services:
- database
Basic Redis image from Docker Hub
This image is used by the following services:
- redis
Redis Commander is a Redis web management tool written in Node.js. I embedded it to look into MISP's Redis queues. Feel free to remove it if you don't need it.
This image is used by the following services:
- redis-commander
This is basically an Nginx image that serves MISP by interacting with php-fpm, and serves redis-commander under the /redis-commander/ path. If you don't need redis-commander, feel free to remove its definition and rebuild the container. This is probably the right place to implement HTTPS, unless you have an alternative architecture.
This image is used by the following services:
- frontend
To install MISP using this recipe, for now, you need a machine with Docker and docker-compose:
- Clone the repository
$ git clone https://github.com/patriziotufarolo/misp-containers
- Cd into it
$ cd misp-containers
- Review / customize the .env file
- Run the docker-compose...
# docker-compose up -d
- ENJOY! (and take a look at the green lights in the Diagnostic page :) )
- Rebuild the misp and worker images
# docker-compose build misp
# docker-compose build worker_default
- Shutdown everything
# docker-compose down
- Find the MISP source volume
# docker volume ls | grep misp-source
- Remove that volume
# docker volume rm <NAME OF THE VOLUME FOUND ABOVE>
- Rebuild the setup
# docker-compose up -d
Thanks to the volumes you are not going to lose data.
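The upgrade steps above as a single script, added here as an example (it is not part of this repository's own tooling). It uses only the commands shown in the steps, and it stops before touching anything unless exactly one volume name contains `misp-source`; the script name `upgrade.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: the upgrade steps above as one script (not the project's own).

# Read volume names on stdin and print the one containing "misp-source".
# Returns non-zero when zero or several names match, so nothing is removed
# on an ambiguous match.
select_source_volume() {
    matches=$(grep -F 'misp-source' || true)
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 misp-source volume, found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

upgrade_misp() {
    # Resolve the volume first so a bad match aborts before any downtime.
    volume=$(docker volume ls -q | select_source_volume) || return 1
    docker-compose build misp || return 1
    docker-compose build worker_default || return 1
    docker-compose down || return 1
    docker volume rm "$volume" || return 1
    docker-compose up -d
}

# Only act when called as: sh upgrade.sh run   (script name is hypothetical)
if [ "${1:-}" = "run" ]; then
    upgrade_misp
fi
```

Run it from the repository directory, with the same privileges you use for the `docker-compose` commands above.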
Further documentation and automation scripts will be provided soon.
If you want to contribute to this project feel free to report issues, fork the code, patch it, send pull requests!
For the moment I have used just the master branch; I will start working with gitflow to implement new features.
This project is licensed under MIT License.
Copyright (C) 2020 Patrizio Tufarolo
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
MISP is licensed under GNU Affero General Public License version 3
Copyright (C) 2012 Christophe Vandeplas
Copyright (C) 2012 Belgian Defence
Copyright (C) 2012 NATO / NCIRC
Copyright (C) 2013-2019 Andras Iklody
Copyright (C) 2015-2019 CIRCL - Computer Incident Response Center Luxembourg
Copyright (C) 2016 Andreas Ziegler