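# Build-time only: source of the helper files (nginx/php/supervisor configs, entrypoints,
# probes) that the final stage copies into the image.
# The base tag is pinned instead of :latest so rebuilds are reproducible.
FROM alpine:3.20 as FilesSource
ARG MISP_TAG=2.4.188
# Optional sha256 of the release tarball; when non-empty the download is verified against it
# (the archive is fetched over TLS but carries no signature of its own).
ARG MISP_SRC_SHA256=""
# `apk add --no-cache` refreshes the index itself, so a separate `apk update` is not needed.
RUN apk add --no-cache wget && mkdir -p /opt/docker-misp
RUN set -eux; \
    wget https://github.com/mkilijanek/misp-server/archive/refs/tags/${MISP_TAG}.tar.gz -cO /opt/${MISP_TAG}.tar.gz; \
    if [ -n "${MISP_SRC_SHA256}" ]; then echo "${MISP_SRC_SHA256}  /opt/${MISP_TAG}.tar.gz" | sha256sum -c -; fi; \
    tar xf /opt/${MISP_TAG}.tar.gz -C /opt; \
    cp -r /opt/misp-server-${MISP_TAG}/* /opt/docker-misp/
# wget was only needed for the download; git was never installed in this stage.
RUN apk del wget && rm -rf /var/cache/apk/*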
# Build stage: fetch the MISP source tree with its submodules and resolve the PHP
# dependencies with composer. The Python submodules are parked under /deps so the
# python-build stage can turn them into wheels.
FROM composer:lts as composer-build
ARG MISP_TAG=v2.4.188
RUN set -eux \
    && mkdir -p /var/www/MISP /deps \
    && git clone --branch "${MISP_TAG}" --depth 1 https://github.com/MISP/MISP.git /var/www/MISP \
    && git -C /var/www/MISP submodule update --init --recursive \
    && mv /var/www/MISP/PyMISP /deps/ \
    && for dep in mixbox python-maec python-cybox python-stix cti-python-stix2; do \
           mv "/var/www/MISP/app/files/scripts/${dep}" /deps/; \
       done
WORKDIR /var/www/MISP/app
# composer only runs plugins that are explicitly allow-listed, hence the config step first.
RUN set -eux \
    && composer config --no-plugins allow-plugins.composer/installers true \
    && composer install --ignore-platform-reqs \
    && composer require jumbojett/openid-connect-php --ignore-platform-reqs
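# Build stage: compile the PHP extensions (ssdeep, rdkafka, brotli) that are not
# available as Debian packages; the resulting .so files are copied into the final stage.
FROM debian:bullseye-slim as php-build
# Build-time only; ARG keeps it out of the image environment (and uses key=value form).
ARG DEBIAN_FRONTEND=noninteractive
# Optional git ref (tag or branch) of php-ext-brotli. Empty keeps the previous behaviour
# of cloning the repository's default branch, which is not reproducible across builds.
ARG PHP_EXT_BROTLI_REF=""
RUN set -eux; \
    apt-get update; \
    apt-get upgrade -y; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        git \
        librdkafka-dev \
        libfuzzy-dev \
        make \
        php \
        php-dev \
        php-pear; \
    apt-get autoremove -y; \
    apt-get clean -y; \
    rm -rf /var/lib/apt/lists/*
# libfuzzy is copied out of the multiarch directory into /usr/lib before building ssdeep
# (presumably because the pecl build does not search the multiarch path); the triplet is
# taken from gcc instead of hard-coding x86_64-linux-gnu.
# NOTE: pecl installs whatever ssdeep/rdkafka version is current; there is no pin here.
RUN set -eux; \
    pecl channel-update pecl.php.net; \
    cp "/usr/lib/$(gcc -print-multiarch)"/libfuzzy.* /usr/lib; \
    pecl install ssdeep; \
    pecl install rdkafka; \
    if [ -n "${PHP_EXT_BROTLI_REF}" ]; then set -- --branch "${PHP_EXT_BROTLI_REF}"; else set --; fi; \
    git clone --recursive --depth=1 "$@" https://github.com/kjdev/php-ext-brotli.git; \
    cd php-ext-brotli; \
    phpize; \
    ./configure; \
    make; \
    make install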
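# Build stage: build wheels for MISP's Python dependencies so the runtime image
# needs neither a compiler nor the -dev headers.
FROM debian:bullseye-slim as python-build
# Build-time only; ARG keeps it out of the image environment (and uses key=value form).
ARG DEBIAN_FRONTEND=noninteractive
RUN set -eux; \
    apt-get update; \
    apt-get upgrade -y; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        git \
        libffi-dev \
        libfuzzy-dev \
        python3 \
        python3-dev \
        python3-pip \
        python3-setuptools \
        python3-wheel; \
    apt-get autoremove -y; \
    apt-get clean -y; \
    rm -rf /var/lib/apt/lists/*
# Every wheel lands in /wheels; the final stage copies that directory as a whole.
RUN mkdir -p /wheels
WORKDIR /tmp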
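# Build wheels from the vendored Python submodules. Each one gets its own COPY/RUN pair
# so a change in one submodule does not rebuild the others. The `sed` strips pip's "-e "
# (editable) prefix from the vendored requirements.txt files before `pip wheel` reads them.
# install mixbox
COPY --from=composer-build /deps/mixbox/ /tmp/mixbox/
RUN set -eux; \
    cd mixbox; \
    python3 setup.py bdist_wheel -d /wheels; \
    sed -i 's/-e //g' requirements.txt; \
    pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install python-maec (no requirements.txt step in the original recipe)
COPY --from=composer-build /deps/python-maec/ /tmp/python-maec/
RUN set -eux; \
    cd python-maec; \
    python3 setup.py bdist_wheel -d /wheels
# install python-cybox
COPY --from=composer-build /deps/python-cybox/ /tmp/python-cybox/
RUN set -eux; \
    cd python-cybox; \
    python3 setup.py bdist_wheel -d /wheels; \
    sed -i 's/-e //g' requirements.txt; \
    pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install python-stix
COPY --from=composer-build /deps/python-stix/ /tmp/python-stix/
RUN set -eux; \
    cd python-stix; \
    python3 setup.py bdist_wheel -d /wheels; \
    sed -i 's/-e //g' requirements.txt; \
    pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install STIX2.0 library to support STIX 2.0 export
COPY --from=composer-build /deps/cti-python-stix2/ /tmp/cti-python-stix2/
RUN set -eux; \
    cd cti-python-stix2; \
    python3 setup.py bdist_wheel -d /wheels; \
    sed -i 's/-e //g' requirements.txt; \
    pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
# install PyMISP -- disabled; pymisp is fetched from PyPI together with the other modules below.
#COPY --from=composer-build /deps/PyMISP /tmp/PyMISP/
#RUN set -eux; \
# cd /tmp/PyMISP; \
# python3 setup.py bdist_wheel -d /wheels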
# Extra Python modules MISP needs that are not vendored as submodules.
# NOTE: these are unpinned, so the wheels reflect whatever PyPI served at build time.
RUN set -eux; \
    pip3 wheel --no-cache-dir -w /wheels/ \
        plyara \
        pyzmq \
        redis \
        python-magic \
        lief \
        cryptography \
        pydeep \
        pymisp
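# The vendored requirements.txt files pull in conflicting versions of a few build/test
# tools; keep the single version listed here and drop the test-only wheels entirely.
WORKDIR /wheels
# `-name` matches the wheel filename and `! -name '*X*'` keeps the wanted version. This
# replaces the find | grep -v | xargs pipelines, whose upstream failures were invisible
# without pipefail; -delete also fails loudly if a removal does not succeed.
RUN set -eux; \
    find . -type f -name 'pluggy*' ! -name '*pluggy-0.13.1*' -delete; \
    find . -type f -name 'tox*' ! -name '*tox-2.7.0*' -delete; \
    find . -type f -name 'Sphinx*' ! -name '*Sphinx-1.8.6*' -delete; \
    find . -type f -name 'docutils*' ! -name '*docutils-0.17.1*' -delete; \
    find . -type f -name 'pyparsing*' ! -name '*pyparsing-3.0.6*' -delete; \
    find . -type f -name 'coverage*' -delete; \
    find . -type f -name 'pytest*' -delete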
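# Runtime image.
FROM debian:bullseye-slim
# Build-time only: an ENV here would leak DEBIAN_FRONTEND into the running container.
ARG DEBIAN_FRONTEND=noninteractive
# PHP extension API version (PHP 7.4.0); it must match the php package shipped by this base.
ARG PHP_VER=20190902
# Use MariaDB mirror repository (more up to date than Debian repositories!).
# The signing key is scoped to this one repository via signed-by rather than added to the
# global trust store, and `curl -f` fails the build instead of saving an error page as the key.
# The package lists are removed again: the next RUN does its own `apt-get update`.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl; \
    mkdir -p /etc/apt/keyrings; \
    curl -fsSL -o /etc/apt/keyrings/mariadb_release_signing_key.asc 'https://mariadb.org/mariadb_release_signing_key.asc'; \
    echo 'deb [signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://ftp.icm.edu.pl/pub/unix/database/mariadb/repo/10.6/debian bullseye main' >/etc/apt/sources.list.d/mariadb.list; \
    rm -rf /var/lib/apt/lists/*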
# OS packages for the runtime image, sorted within each group for easier diffing:
# general requirements, then the Python and PHP runtimes plus the shared libraries the
# extensions built in php-build link against, then zip/unzip (the original recipe was
# unsure these are needed).
# NOTE(review): sudo and git end up in the runtime image; presumably the entrypoint
# scripts rely on them -- confirm before removing either.
RUN set -eux \
    && apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        cron \
        gettext-base \
        git \
        gpg \
        gpg-agent \
        libfcgi-bin \
        libfuzzy2 \
        mariadb-client \
        nginx \
        openssl \
        procps \
        rsync \
        ssdeep \
        sudo \
        supervisor \
        python3 \
        python3-pip \
        python3-setuptools \
        libbrotli1 \
        librdkafka1 \
        php \
        php-apcu \
        php-bcmath \
        php-curl \
        php-fpm \
        php-gd \
        php-gnupg \
        php-intl \
        php-mbstring \
        php-mysql \
        php-opcache \
        php-redis \
        php-xml \
        php-zip \
        unzip \
        zip \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*
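# MISP code (with the composer-resolved PHP dependencies) from the build stage
COPY --from=composer-build /var/www/MISP /var/www/MISP
# Python modules: install the prebuilt wheels. Note that the COPY layer keeps the wheels
# in the image history even though they are removed afterwards; a BuildKit bind mount
# from python-build would avoid that, but this file does not use BuildKit features yet.
COPY --from=python-build /wheels /wheels
RUN set -eux; \
    pip3 install --no-cache-dir -U pip; \
    pip3 install --no-cache-dir /wheels/*.whl; \
    rm -rf /wheels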
# PHP: install the extensions compiled in php-build, register each one with every PHP
# version present under /etc/php, enable them, then drop in MISP's CakeResque config.
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/rdkafka.so /usr/lib/php/${PHP_VER}/rdkafka.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/brotli.so /usr/lib/php/${PHP_VER}/brotli.so
RUN set -eux; \
    for ext in rdkafka brotli ssdeep; do \
        for phpdir in /etc/php/*; do \
            echo "extension=${ext}.so" > "${phpdir}/mods-available/${ext}.ini"; \
        done; \
    done; \
    for ext in rdkafka brotli ssdeep; do phpenmod "${ext}"; done; \
    cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
# Rename the file store, default configuration and tmp directory to *.dist so the
# entrypoint can sync from them into the real locations at start-up.
RUN set -eux; \
    for d in files Config tmp; do \
        mv "/var/www/MISP/app/${d}" "/var/www/MISP/app/${d}.dist"; \
    done
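# nginx: drop the distribution's default site and prepare the runtime directories.
# `rm -f` and `mkdir -p` keep this step from failing when sites-enabled is already empty
# or when /run/php was created by a package.
RUN set -eux; \
    rm -f /etc/nginx/sites-enabled/*; \
    mkdir -p /run/php /etc/nginx/certs
COPY --from=FilesSource /opt/docker-misp/files/nginx/sites-available/ /etc/nginx/sites-available/
COPY --from=FilesSource /opt/docker-misp/files/nginx/conf.d/ /nginx-config-templates
COPY --from=FilesSource /opt/docker-misp/files/nginx/site-customization.conf /etc/nginx/site-customization.conf
# php configuration templates (rendered by the entrypoint, judging by the template naming)
COPY --from=FilesSource /opt/docker-misp/files/fpm-config-template.conf /fpm-config-template.conf
COPY --from=FilesSource /opt/docker-misp/files/php-config-templates /php-config-templates
# supervisor
COPY --from=FilesSource /opt/docker-misp/files/supervisor/supervisord.conf /etc/supervisord.conf
# entrypoints
COPY --from=FilesSource /opt/docker-misp/files/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
COPY --from=FilesSource /opt/docker-misp/files/entrypoint-workers.sh /usr/local/bin/entrypoint-workers.sh
# probes (readiness/liveness scripts for the orchestrator; no HEALTHCHECK is declared here)
COPY --from=FilesSource /opt/docker-misp/files/docker-readiness.sh /usr/local/bin/docker-readiness.sh
COPY --from=FilesSource /opt/docker-misp/files/docker-liveness.sh /usr/local/bin/docker-liveness.sh
COPY --from=FilesSource /opt/docker-misp/files/php-fpm-healthcheck /usr/local/bin/php-fpm-healthcheck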
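# change work directory
WORKDIR /var/www/MISP
# curl and apt-transport-https were already installed earlier in this stage; the
# re-install is kept as-is, but the apt lists are now removed in the same layer so the
# final image no longer carries them. The entrypoint and probe scripts are made
# executable explicitly instead of relying on the mode preserved by COPY.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends apt-transport-https curl; \
    rm -rf /var/lib/apt/lists/*; \
    chmod 0755 \
        /usr/local/bin/docker-entrypoint.sh \
        /usr/local/bin/entrypoint-workers.sh \
        /usr/local/bin/docker-readiness.sh \
        /usr/local/bin/docker-liveness.sh \
        /usr/local/bin/php-fpm-healthcheck
# NOTE(review): no USER is set, so the container starts as root. The entrypoint
# (nginx, supervisor, sudo are installed) presumably needs it -- confirm before adding one.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]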