A production ready Docker MISP image (formerly hosted at https://github.com/ostefano/docker-misp, now deprecated) loosely based on CoolAcid and DSCO builds, with nearly all logic rewritten and verified for correctness and portability.
Notable features:
- MISP and MISP modules are split into two different Docker images,
misp-core
andmisp-modules
- Docker images are pushed regularly, no build required
- Lightweigth Docker images by using multiple build stages and a slim parent image
- Rely on off the shelf Docker images for Exim4, Redis, and MariaDB
- Cron jobs run updates, pushes, and pulls
- Fix supervisord process control (processes are correctly terminated upon reload)
- Fix schema update by making it completely offline (no user interaction required)
- Fix enforcement of permissions
- Fix MISP modules loading of faup library
- Fix MISP modules loading of gl library
- Add support for new background job system
- Add support for building specific MISP and MISP-modules commits
- Add automatic configuration of syncservers (see
configure_misp.sh
) - Add automatic configuration of authentication keys (see
configure_misp.sh
) - Add direct push of docker images to GitHub Packages
- Consolidated
docker-compose.yml
file - Workardound VirtioFS bug when running Docker Desktop for Mac
- ... and many others
The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste.
- Copy the
template.env
to.env
- Customize
.env
based on your needs (optional step)
docker-compose pull
if you want to use pre-built images ordocker-compose build
if you want to build your own (see theTroubleshooting
section in case of errors)docker-compose up
- Login to
https://localhost
- User:
[email protected]
- Password:
admin
- User:
Keeping the image up-to-date with upstream should be as simple as running docker-compose pull
.
The docker-compose.yml
file allows further configuration settings:
"MYSQL_HOST=db"
"MYSQL_USER=misp"
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
"MYSQL_DATABASE=misp"
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
"NUM_WORKERS_DEFAULT=5" # To set the number of default workers
"NUM_WORKERS_PRIO=5" # To set the number of prio workers
"NUM_WORKERS_EMAIL=5" # To set the number of email workers
"NUM_WORKERS_UPDATE=1" # To set the number of update workers
"NUM_WORKERS_CACHE=5" # To set the number of cache workers
New options are added on a regular basis.
- It is recommended to specify the build you want run by editing
docker-compose.yml
(see here for the list of available tags https://github.com/orgs/MISP/packages) - Directory volume mount SSL Certs
./ssl
:/etc/ssl/certs
- Certificate File:
cert.pem
- Certificate Key File:
key.pem
- CA File for Cert Authentication (optional)
ca.pem
- Certificate File:
- Additional directory volume mounts:
./configs
:/var/www/MISP/app/Config/
./logs
:/var/www/MISP/app/tmp/logs/
./files
:/var/www/MISP/app/files/
./gnupg
:/var/www/MISP/.gnupg/
- If you need to automatically run additional steps each time the container starts, create a new file
files/customize_misp.sh
, and replace the variable${CUSTOM_PATH}
insidedocker-compose.yml
with its parent path.
Custom root CA certificates can be mounted under /usr/local/share/ca-certificates
and will be installed during the misp-core
container start.
Note: It is important to have the .crt extension on the file, otherwise it will not be processed.
misp-core:
# ...
volumes:
- "./configs/:/var/www/MISP/app/Config/"
- "./logs/:/var/www/MISP/app/tmp/logs/"
- "./files/:/var/www/MISP/app/files/"
- "./ssl/:/etc/nginx/certs/"
- "./gnupg/:/var/www/MISP/.gnupg/"
# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
# - "${CUSTOM_PATH}/:/custom/"
# mount custom ca root certificates
- "./rootca.pem:/usr/local/share/ca-certificates/rootca.crt"
- Make sure you run a fairly recent version of Docker and Docker Compose (if in doubt, update following the steps outlined in https://docs.docker.com/engine/install/ubuntu/)
- Some Linux distributions provide a recent version of Docker but a legacy version of Docker Compose, so you can try running
docker compose
instead ofdocker-compose
- Make sure you are not running an old image or container; when in doubt run
docker system prune --volumes
and clone this repository into an empty directory
A GitHub Action builds both misp-core
and misp-modules
images automatically and pushes them to the GitHub Package registry. We do not use tags inside the repository; instead we tag images as they are pushed to the registry. For each build, misp-core
and misp-modules
images are tagged as follows:
misp-core:${commit-sha1}[0:7]
andmisp-modules:${commit-sha1}[0:7]
where${commit-sha1}
is the commit hash triggering the buildmisp-core:latest
andmisp-modules:latest
in order to track the latest builds availablemisp-core:${CORE_TAG}
andmisp-modules:${MODULES_TAG}
reflecting the underlying version of MISP and MISP modules (as specified inside thetemplate.env
file at build time)