MISP/Docker

TheOfficalNick

@TheOfficalNick

Hi all. I am having issues with a cronjob for my MISP instance which is dockerized. I am rather sure its something stupid I am doing. The script works fine if you manually fire it. Here is a link to the Microsoft documentation that I followed https://github.com/microsoftgraph/security-api-solutions/blob/master/Samples/MISP/README.md Here is my cronjob 30 0,4,8.12,16,20 * /var/www/MISP/security-api-solutions/Samples/MISP/python3 script.sh

Anders Einar (Kagee)

@hildenae:matrix.org

So maybe someone else don't have to go throught this - on debian 11, you need libldap-common for ldaps. ldap without the s works fine, and ldap_bind gives useless error messages with ldaps.

re the coolacid docker upgrading to debian 11

spexboy

@spexboy

nginx: [emerg] too long parameter "##########..." started in /etc/nginx/sites-enabled/misp:3
Getting this error when i try to restart the nginx.

a-ml

@a-ml

anyone successful running misp docker on M1?

Weliton Souza

@ServSlack

Can you specify what is M1 ?

a-ml

@a-ml

MacBook with M1 ship

Weliton Souza

@ServSlack

I think that if you can install Docker inside you MAC, probably you are able to run MISP there.

a-ml

@a-ml

Yes I know that... but seems that the docker image doesn't support ARM64 processor

Weliton Souza

@ServSlack

Maybe you can use VIRTUALBOX and inside there use a AMD64 VM to use and do your tests.

a-ml

@a-ml

Virtualbox isn't an emulator... so if I install VB on ARM64 which is not supported at moment, I would no be able to use a AMD, since VB isn't an emulator.

anyway thank you

Anders Einar (Kagee)

@hildenae:matrix.org

MISP is just PHP (and python) code. So as long as you can get a working webserver, PHP and python inside a docker or straight on the host, you can run MISP

Fukusuke Takahashi

@fukusuket

@a-ml I can run docker misp on M1 MacBook air as follows.
https://github.com/MISP/misp-docker/issues/141#issuecomment-1172992220

Anders Einar (Kagee)

@hildenae:matrix.org

@coolacid: hmm, have you managed to build the docker on *.159 ?

Anders Einar (Kagee)

@hildenae:matrix.org

i get here

Step 36/55 : COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor
 ---> 7f6834a577d1
Step 37/55 : COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin
COPY failed: stat tmp/Plugin: file does not exist

https://getcomposer.org/doc/06-config.md#allow-plugins maybe ?

Anders Einar (Kagee)

@hildenae:matrix.org

https://packagist.org/packages/composer/installers

composer/installers contains a Composer plugin which is blocked by your allow-plugins config. You may add it to the list if you consider it safe. See https://getcomposer.org/allow-plugins
You can run "composer config --no-plugins allow-plugins.composer/installers [true|false]" to enable it (true) or keep it disabled and suppress this warning (false)

Anders Einar (Kagee)

@hildenae:matrix.org

@coolacid: PR coolacid/docker-misp#179

edwin3746

@edwin3746

HI, is there a way to change the default listening port in MISP's docker compose.yml to something other than port 80?

4 replies

luciano (righel)

@luciano:matrix.circl.lu

try https://localhost

edwin3746

@edwin3746

hmm..it says the site cant be reached (localhost refused to connect.)

luciano (righel)

@luciano:matrix.circl.lu

checking

Anders Einar (Kagee)

@hildenae:matrix.org

You just removed the line 31 correct, you didn't change it to something else?

edwin3746

@edwin3746

yes, my ports: section only has "443:443" now

luciano (righel)

@luciano:matrix.circl.lu

works without issues for me.

edwin3746

@edwin3746

let me try again

luciano (righel)

@luciano:matrix.circl.lu

maybe you tried browsing the page before the containers finished the bootstrap?

edwin3746

@edwin3746

hmm its possible

did you receive this

luciano (righel)

@luciano:matrix.circl.lu

yes

default certificates are self-signed, you can replace them with lets encrypt ones if you want

edwin3746

@edwin3746

ahhh i see

so after replacing them with a generated certificate of my own, it would be secured?

luciano (righel)

@luciano:matrix.circl.lu

yes

edwin3746

@edwin3746

I see. Thank you all so much. Have been a great help

luciano (righel)

@luciano:matrix.circl.lu

you should place your certificates in the ssl directory

edwin3746

@edwin3746

gotcha :)

David Decker

@xfaith

Trying to to use run misp-docker with portainer, getting an error misp:latest image does not exist.

edwin3746

@edwin3746

hi, does anyone know why the 'baseurl' field in my MISP config.php file keeps reverting to default after i stop and start my AWS instance?

MISP is on docker, and started using docker compose up

2 replies

luciano (righel)

@luciano:matrix.circl.lu

You can create a docker-compose.override.yml file and specify the baseurl you want to remain after re-launching the containers.
see: https://github.com/coolacid/docker-misp/blob/master/docker-compose.yml#L40

Your docker-compose.override.yml file should look something like this:

version: '3'
services:
  misp:
    environment:
      - "HOSTNAME=https://PUT_YOUR_BASE_URL_HERE"

edwin3746

@edwin3746

oh so the HOSTNAME field corresponds to the 'baseurl' filed in config.php. Didn't know that, thanks so much again!

1 reply

luciano (righel)

@luciano:matrix.circl.lu

yes, it's replaced here: https://github.com/coolacid/docker-misp/blob/master/server/files/entrypoint_nginx.sh#L37

Anders Einar (Kagee)

@hildenae:matrix.org

For those of you using a newer mysql/mariadb docker, and a an older database, maybe check for Incorrect definition of table mysql.*** in the db docker logs

a mysql_upgrade -u root -p should fix it

(or mariadb-upgrade, as it might be)