MISP dockerized is a project designed to provide an easy-to-use and easy-to-install 'out of the box' MISP instance that includes everything you need to run MISP with minimal host-side requirements.
MISP dockerized uses MISP (Open Source Threat Intelligence Platform - https://github.com/MISP/MISP), which is maintained and developed by the MISP project team (https://www.misp-project.org/).
THIS PROJECT IS IN BETA PHASE
To install MISP dockerized you need at least:
Component | minimum Version |
---|---|
Docker | 17.03.0-ce |
Git | newest Version from Distribution |
For the installation, the following connections need to be available:
URL | Direction | Protocol | Destination Port |
---|---|---|---|
*.docker.io | outgoing | TCP | 443 |
*.docker.com | outgoing | TCP | 443 |
github.com* | outgoing | TCP | 443 |
misp.dcso.de | outgoing | TCP | 443 |
This contains all required Docker containers:
Container | based on | purpose |
---|---|---|
misp-proxy | alpine | reverse proxy |
misp-server | ubuntu | MISP application server, redis server and DB server |
misp-robot | ubuntu | deploy & configuration manager |
This contains:
- scripts
- tools
After cloning the repository, change into it and check out the required branch or tag, for example:
$> git clone https://github.com/DCSO/MISP-dockerized.git && cd MISP-dockerized && git checkout tags/2.4.88-beta.3
Before you start the containers, you have to set up the TLS certificates and the Diffie-Hellman file.
Please make sure that the certificate and key are in PEM format, recognizable by the first line:
"-----BEGIN CERTIFICATE-----"
or
"-----BEGIN RSA PRIVATE KEY-----"
when opening the file in an editor like 'vim' or 'nano'.
If all prerequisites are fulfilled, you can deploy them as follows:
- Copy the certificate key file to ./config/ssl/key.pem
- Copy the certificate chain file to ./config/ssl/cert.pem
- (OPTIONAL) During installation, Diffie-Hellman params will be freshly built, but if you still want to create them yourself, use the following command 1 or copy your existing one to ./config/ssl/dhparams.pem
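A pre-flight check for the certificate steps above, added here as an example and not part of the MISP dockerized repository: it verifies the first-line PEM header, catches truncated or swapped files, and only then copies them to the documented paths. The function names are hypothetical, and accepting the EC and PKCS#8 key headers in addition to the RSA header shown above is a generalization.

```shell
#!/bin/sh
# Added example (function names are hypothetical): validate the PEM files
# before staging them at the paths MISP dockerized expects.

# Print the kind of PEM object announced on the first line of file $1.
pem_kind() {
    # Drop CR (Windows line endings) and NUL bytes (binary DER input).
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r\000')
    case "$first" in
        "-----BEGIN CERTIFICATE-----")
            echo certificate ;;
        "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----" | "-----BEGIN PRIVATE KEY-----")
            echo private-key ;;
        *)
            echo unknown; return 1 ;;
    esac
}

# Succeed only if the file has at least one BEGIN line and an equal number
# of END lines; a mismatch means a truncated or badly pasted file.
pem_balanced() {
    b=$(grep -c -e '^-----BEGIN ' "$1" 2>/dev/null) || true
    e=$(grep -c -e '^-----END ' "$1" 2>/dev/null) || true
    [ "${b:-0}" -gt 0 ] && [ "${b:-0}" -eq "${e:-0}" ]
}

# stage_tls KEY CHAIN [REPO_ROOT]: validate both files, then copy them to
# config/ssl/key.pem and config/ssl/cert.pem. Nothing is written on failure.
stage_tls() {
    key=$1 chain=$2 root=${3:-.}
    if [ "$(pem_kind "$key")" != private-key ] || ! pem_balanced "$key"; then
        echo "rejected: $key is not a complete PEM private key" >&2; return 1
    fi
    if [ "$(pem_kind "$chain")" != certificate ] || ! pem_balanced "$chain"; then
        echo "rejected: $chain is not a complete PEM certificate chain" >&2; return 1
    fi
    mkdir -p "$root/config/ssl" || return 1
    cp "$key" "$root/config/ssl/key.pem" && cp "$chain" "$root/config/ssl/cert.pem"
}

# Run as: sh stage_tls.sh /path/to/server.key /path/to/chain.crt
if [ "$#" -ge 2 ]; then
    stage_tls "$@"
fi
```

A DER-encoded certificate or a key passed in the certificate position is rejected before anything is written to ./config/ssl/.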
To start the deployment and build the configuration files and configure the whole environment, simply enter:
$> make start
We decided that building the config and deploying the environment can be done in one step.
MISP dockerized comes with a requirements script that checks whether all components are installed, whether the user is part of the docker group, and whether the user has the right permissions on the GitHub repository folder. Simply start:
$> make requirements
If you want to do it manually: MISP dockerized comes with a build script that creates all required config files. Simply start:
$> make build-config
The build script downloads our DCSO/misp-robot and starts it with the build script. Therefore you can't find the script directly in the GitHub repository.
To start the deployment process, simply enter:
$> make deploy
After deployment, you now have a simple basic MISP installation without any further configuration. To configure the instance with all specified parameters, use the following command:
$> make configure
After this step, you should now have a configured, running MISP instance!
Congratulations! Your MISP environment is deployed!
Now you can set up and configure your MISP environment as normal.
If you need help, look here: https://www.circl.lu/doc/misp/
For a quick start in MISP specifically: https://www.circl.lu/doc/misp/quick-start/
To back up your instance, MISP dockerized comes with a backup and restore script that will do the job for you. To create a backup start:
$> ./scripts/backup_restore backup [service]
or
$> make backup-[service]
for example: make backup-all
[service] is the service you want to back up. You can choose between redis|mysql|server|proxy|all
Restoring works similarly to the backup process. Just run the backup and restore script:
$> ./scripts/backup_restore restore
or
$> make restore
$ systemctl enable docker.service
To delete everything, e.g. to start from scratch, you can use this:
$> make delete
This deletes the MISP images, network, containers and volumes.
Warning: make delete deletes all volumes, leading to a loss of all your data. Make sure you have saved everything before you run it.
Where possible, all log files are forwarded to the Docker logging mechanism. Therefore you can do:
docker logs -f misp-server
or any other container name.
If you want to start from scratch or reinitialise your MISP instance, make sure you have deleted everything. Clone the repository and start the container deployment with make start. After that, restore all your volumes as described in Backup and Recovery.
To access a container, e.g. to change the MISP config.php or the proxy config, you can use:
docker exec -it [container] bash
Container variants: misp-robot, misp-server, misp-proxy (for the ubuntu version only)
For the misp-proxy, if you have the alpine version:
docker exec -it misp-proxy sh
To delete all local images:
docker system prune -a
To delete only the non-tagged (dangling) images:
docker rmi $(docker images -f "dangling=true" -q)
To list logs:
docker logs -f misp-server
Currently the following things are not yet implemented but are planned:
- GnuPG Support
- Postfix
- MISP-Modules
- https://mariadb.com/kb/en/library/installing-and-using-mariadb-via-docker/
- https://hub.docker.com/r/_/mariadb/
This software is released under a BSD 3-Clause license. Please have a look at the LICENSE file included in the repository.
Copyright (c) 2018, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH