Repository Details

A (nearly) production ready Dockered MISP

CoolAcid's MISP Docker images

This is based on some of the work from the DSCO docker build, but nearly all of the details have been rewritten.

  • Components are split out where possible; currently this is only the MISP modules
  • Overwritable configuration files
  • Allows volumes for the file store
  • Cron job runs updates, pushes, and pulls; logs go to docker logs
  • Docker-Compose uses off-the-shelf images for Redis and MySQL
  • Images come directly from Docker Hub, no build required
  • Slimmed-down images by using build stages and a slim parent image, which removes unnecessary files from the images

Docker Tags

Docker Hub builds the images automatically based on git tags. I try to tag using the following scheme:

v[MISP Version][Our build version]

  • MISP version is the MISP tag we're building
  • Our build version is the iteration of our changes for the same MISP version
  • Core and modules are split into [core]-version and [modules]-version, respectively

Getting Started

Development/Test

  • Grab the docker-compose.yml and server-configs/email.php files (keep the directory structure)

  • A dry run will create sane default configurations

  • docker-compose up

  • Log in to https://localhost

  • Profit

Using the image for development

Pull the entire repository; you can then build the images using docker-compose -f docker-compose.yml -f build-docker-compose.yml build

Once you have the docker container up, you can access the container by running docker-compose exec misp /bin/bash. This will give you a root shell. You can use apt update and then install any tools you wish to use. Finally, copy any changes you make outside of the container for committing to your branch. git diff -- [dir with changes] can be used to reduce the number of changes in a patch file; however, be careful when using the git diff command.

Updating

Updating the images should be as simple as docker-compose pull which, unless changed in the docker-compose.yml file, will pull the latest built images.

Production

  • It is recommended to specify which build you want to run, and to change that version number only when you would like to upgrade

  • Use docker-compose, or some other config management tool

  • Directory volume mount for SSL certs: ./ssl:/etc/ssl/certs

    • Certificate file: cert.pem
    • Certificate key file: key.pem
    • CA file for certificate authentication (optional): ca.pem
  • Directory volume mount for the config files (create them in the mounted directory): /var/www/MISP/app/Config/

  • Additional directory volume mounts:

    • /var/www/MISP/app/files
    • /var/www/MISP/.gnupg
    • /var/www/MISP/.smime
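As an added example (not code from this repository), a small POSIX shell pre-flight script that checks two of the production points above before bringing the stack up: that docker-compose.yml pins image tags rather than floating on latest, and that the ./ssl mount holds cert.pem and key.pem, with the optional ca.pem only reported. The compose file name, the ./ssl path and the file names come from this README; the private-key permission check is an extra assumption added here.

```shell
#!/bin/sh
# Pre-flight checks for a production deployment of this docker-compose setup.
# Added example; not part of the CoolAcid/MISP-Docker repository. Assumes the
# README layout: docker-compose.yml in the current directory and ./ssl holding
# cert.pem, key.pem and an optional ca.pem.

# Succeeds only if every "image:" line in the compose file carries an explicit
# tag other than "latest" (the README's advice: pin the build you run and bump
# the version deliberately when upgrading).
check_pinned_images() {
    compose_file="${1:-docker-compose.yml}"
    [ -r "$compose_file" ] || { echo "MISSING: $compose_file"; return 1; }
    rc=0
    for image in $(sed -nE "s/^[[:space:]]*image:[[:space:]]*[\"']?([^\"' ]+).*/\1/p" "$compose_file"); do
        name_and_tag="${image##*/}"   # drop registry/namespace so a registry port is not read as a tag
        case "$name_and_tag" in
            *@sha256:*) tag="digest" ;;             # digest-pinned counts as pinned
            *:*)        tag="${name_and_tag##*:}" ;;
            *)          tag="" ;;                   # no tag: Docker defaults to latest
        esac
        if [ -z "$tag" ] || [ "$tag" = "latest" ]; then
            echo "UNPINNED: $image"; rc=1
        else
            echo "pinned:   $image"
        fi
    done
    return "$rc"
}

# Succeeds only if the ./ssl directory (mounted at /etc/ssl/certs) holds a
# non-empty cert.pem and key.pem and the key is readable by its owner alone
# (permission check is an assumption added here); ca.pem is optional.
check_ssl_dir() {
    ssl_dir="${1:-./ssl}"
    rc=0
    for f in cert.pem key.pem; do
        [ -s "$ssl_dir/$f" ] || { echo "MISSING: $ssl_dir/$f"; rc=1; }
    done
    [ -s "$ssl_dir/ca.pem" ] || echo "note: no ca.pem, so certificate authentication is off"
    if [ -f "$ssl_dir/key.pem" ]; then
        # GNU stat first, BSD/macOS stat as the fallback
        perms=$(stat -c '%a' "$ssl_dir/key.pem" 2>/dev/null || stat -f '%Lp' "$ssl_dir/key.pem")
        case "$perms" in
            600|400) ;;
            *) echo "LOOSE PERMS: $ssl_dir/key.pem is mode $perms, expected 600 or 400"; rc=1 ;;
        esac
    fi
    return "$rc"
}
# Usage from the deployment directory:  check_pinned_images && check_ssl_dir
```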

Building

If you are interested in building the project from scratch, git clone or download the entire repo and run docker-compose -f build-docker-compose.yml build

Image file sizes

  • Core server (Saved: 2.5GB)

    • Original image: 3.17GB
    • First attempt: 2.24GB
    • Remove chown: 1.56GB
    • Pre-build python modules, and only pull the submodules we need: 800MB
    • Pre-build PHP modules: 664MB
  • Modules (Saved: 640MB)

    • Original: 1.36GB
    • Pre-build modules: 750MB
