Public Repository

Last pushed: 3 months ago
Short Description
Dockerized version of MISP (Malware Information Sharing Platform)
Full Description

Introduction

This image contains the latest version of MISP (2.4.74). It requires a MySQL container to store the database.
See http://www.misp-project.org/ for more details.

Configuration

The container needs the following environment variables:

  • MYSQL_ROOT_PASSWORD = Root password for the MySQL database server
  • MYSQL_MISP_PASSWORD = MISP user password for the database
  • MYSQL_HOST = MySQL FQDN/IP
  • MISP_ADMIN_EMAIL = Admin email address (used to generated the PGP key)
  • MISP_ADMIN_PASSPHRASE = PGP key passphrase
  • MISP_BASEURL = MISP base URL (http://fqdn)
  • POSTFIX_RELAY_HOST = Smart relay for the local Postfix instance
  • TIMEZONE = Container timezone (optional)

The web interface is available via HTTP (TCP/80). I recommend to use a NGinx container as a reverse-proxy to provide SSL support.

Startup

The container is stand alone and can be started using the 'run' command or, better, a docker compose file:

version: '2'

networks:
  misp-network:
    driver: bridge

services:
  misp-web:
    build: .
    depends_on:
      - misp-db
    container_name: misp-web
    hostname: misp
    image: rootshell/misp:latest
    restart: always
    networks:
      - misp-network
    links:
      - misp-db
    expose:
      - 80
    volumes:
      - /dev/urandom:/dev/random
      - /data/misp:/var/www/MISP
    environment:
      - MYSQL_ROOT_PASSWORD=xxxx
      - MYSQL_MISP_PASSWORD=xxxx
      - MYSQL_HOST=misp-db
      - MISP_ADMIN_EMAIL=admin@admin.test
      - MISP_ADMIN_PASSPHRASE=abc123
      - MISP_BASEURL=http:\/\/misp\.test
      - POSTFIX_RELAY_HOST=relay.domain.com
      - TIMEZONE=Europe/Brussels

  misp-db:
    container_name: misp-db
    hostname: mysql
    image: mysql/mysql-server:latest
    restart: always
    networks:
      - misp-network
    volumes:
      - /data/tmp/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=xxx

Post Setup

The container will configure itself and MISP will be ready to use. However for a production environment, it is highly recommanded to review all the settings and adapt them to match your requirements.

Docker Pull Command
Owner
rootshell

Comments (0)