{"id":13510612,"url":"https://github.com/NUKIB/misp","last_synced_at":"2025-03-30T16:34:16.280Z","repository":{"id":39920526,"uuid":"443530156","full_name":"NUKIB/misp","owner":"NUKIB","description":"Docker image for MISP","archived":false,"fork":false,"pushed_at":"2024-04-09T15:32:56.000Z","size":183,"stargazers_count":99,"open_issues_count":30,"forks_count":41,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-04-10T00:54:51.018Z","etag":null,"topics":["docker","docker-image"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NUKIB.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-01-01T12:02:35.000Z","updated_at":"2024-04-14T18:38:48.527Z","dependencies_parsed_at":"2023-02-01T06:31:17.665Z","dependency_job_id":"6827def3-ac8b-40f3-b2dc-0c58073b877d","html_url":"https://github.com/NUKIB/misp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NUKIB%2Fmisp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NUKIB%2Fmisp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NUKIB%2Fmisp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NUKIB%2Fmisp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NUKIB","download_url":"https://codeload.github.com/NUKIB/misp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"githu
b","repositories_count":222566739,"owners_count":17004237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image"],"created_at":"2024-08-01T02:01:46.807Z","updated_at":"2025-03-30T16:34:16.273Z","avatar_url":"https://github.com/NUKIB.png","language":"Python","funding_links":[],"categories":["PHP","docker"],"sub_categories":[],"readme":"# MISP Docker image\n\n[MISP](https://github.com/misp/misp/) container (Docker) image focused on high performance and security based on [AlmaLinux 9](https://hub.docker.com/_/almalinux), ready for production.\n\nThis image contains the latest version of MISP and the required dependencies. Image is intended as immutable, which means that it is not possible\nto update MISP from the user interface and instead, an admin should download a newer image.\n\n\u003e [!IMPORTANT]  \n\u003e This container is intended to be used with MISP v2.5. If you want to use older MISP v2.4, please use [`misp-2.4` branch](https://github.com/NUKIB/misp/tree/misp-2.4). \n\n\u003e [!IMPORTANT]  \n\u003e This container is intended to be used with RHEL 9 base image. 
If you want to use older base image, please use [`el8` branch](https://github.com/NUKIB/misp/tree/el8).\n\n## Key features\n\n* 🎩 Image is based on AlmaLinux, so it perfectly fits your infrastructure if you use CentOS or RHEL as a host system\n* ✅ Modern MISP features are enabled by default (like advanced audit log or storing settings in the database)\n* 👩‍💻 Integrated support for [OpenID Connect (OIDC) authentication](docs/OIDC.md)\n* 🔒️ PHP is by default protected by Snuffleupagus extensions with [rules](snuffleupagus-misp.rules) tailored to MISP\n* 🚀 Optional extensions and configurations that will make MISP faster are enabled\n* 📓 Integrated support for logging into [ECS format](docs/LOGGING.md), exceptions to Sentry and forwarding logs to syslog server\n* 🧪 The final image is automatically tested, so every release should work as expected\n* 🏛 Build for amd64 (x86_64) and arm64 (aarch64)\n\n## Usage\n\nFirst, you have to install Docker. Follow [these manuals](https://docs.docker.com/engine/install/) how to install Docker on your machine. Windows, macOS, or Linux are supported.\nFor Linux, you also need to install [Docker Compose V2](https://docs.docker.com/compose/cli-command/), on macOS or Windows is already included in Docker itself.\nOr you can use Docker Compose V1, but then you have to use all commands with a dash (so `docker-compose` instead of `docker compose`). \n\n### Usage for testing\n\nDocker Compose file defines MISP itself, [MISP Modules](https://github.com/NUKIB/misp-modules), MariaDB and Redis, so everything you need to run MISP. Just run:\n\n    curl --proto '=https' --tlsv1.2 -O https://raw.githubusercontent.com/NUKIB/misp/main/docker-compose.yml\n    docker compose up -d\n\nThen you can access MISP in your browser by accessing `http://localhost:8080`. 
The default user after installation is `admin@admin.test` with the password `admin`.\n\nTo delete all volumes after testing, run:\n\n    docker-compose down -v\n\n### Updating\n\nWhen a new MISP is released, a new container image is also created. To update MISP and MISP Modules, just run these commands in the folder that contains `docker-compose.yml` file.\nThese commands will download the latest images and recreate containers. All data will be preserved.\n\n    docker compose pull\n    docker compose up -d\n\n### Usage in a production environment\n\nFor production usage, please:\n* change passwords for MariaDB and Redis,\n* modify environment variables to requested values,\n* deploy reverse proxy (for example `nginx`) before MISP to handle HTTPS connections.\n  * do not forget to send the proper `X-Forwarded-For` header\n\n### Usage in air-gapped environment\n\nMISP by default does not require access to Internet. So it is possible to use MISP in air-gapped environment or an environment with blocked outgoing connections. Check [AIR-GAP.md](docs/AIR-GAP.md) for more information.\n\n### Image building\n\nIf you don't trust image built by GitHub Actions and stored in GitHub Container Registry or you want to build a different MISP version, you can build this image by yourself:\n\n    docker build --build-arg MISP_VERSION=v2.5.0 -t ghcr.io/nukib/misp https://github.com/NUKIB/misp.git#main\n\nIf you don't like AlmaLinux, you can use as a base image different distribution that is compatible with AlmaLinux 9, like [CentOS Stream](https://www.centos.org/centos-stream/) or [Rocky Linux](https://hub.docker.com/r/rockylinux/rockylinux):\n\n    docker build --build-arg BASE_IMAGE=quay.io/centos/centos:stream9 -t ghcr.io/nukib/misp https://github.com/NUKIB/misp.git#main\n\n## Logging\n\nLogging is important to keep your MISP secure and in good condition. 
[Check detailed manual how to configure logging.](docs/LOGGING.md)\n\n## Environment variables\n\nBy changing or defining these container environment variables, you can change container behavior.\n\n### Database connection\n\nMISP requires MySQL or MariaDB database.\n\n* `MYSQL_HOST` (required, string) - hostname or IP address\n* `MYSQL_PORT` (optional, int, default `3306`)\n* `MYSQL_LOGIN` (required, string) - database user\n* `MYSQL_PASSWORD` (optional, string)\n* `MYSQL_DATABASE` (required, string) - database name\n* `MYSQL_SETTINGS` (optional, string) - database settings, which should be set for each db connection (JSON dict, or semicolon separated key value pairs)\n* `MYSQL_FLAGS` (required, string) - PDO flags which should be set for each db connection (JSON dict, or semicolon separated key value pairs)\n\n### Redis\n\nBy default, MISP requires Redis. MISP will connect to Redis defined in `REDIS_HOST` variable on port `6379`. Redis alternative [Dragonfly](https://www.dragonflydb.io) is also supported.\n\n* `REDIS_HOST` (required, string) - hostname or IP address\n* `REDIS_PASSWORD` (optional, string) - password used to connect password-protected Redis instance\n* `REDIS_USE_TLS` (optional, bool) - enable encrypted communication\n\n#### Default Redis databases\n\n* `10` - ZeroMQ connector\n* `11` - SimpleBackgroundJobs\n* `12` - session data if `PHP_SESSIONS_IN_REDIS` is enabled\n* `13` - MISP app\n\n### Application\n\n* `MISP_BASEURL` (required, string) - full URL with https:// or http://\n* `MISP_UUID` (required, string) - MISP instance UUID (can be generated by `uuidgen` command)\n* `MISP_ORG` (required, string) - MISP default organisation name\n* `MISP_HOST_ORG_ID` (optional, int, default `1`) - MISP default organisation ID\n* `MISP_MODULE_URL` (optional, string) - full URL to MISP modules\n* `MISP_DEBUG` (optional, boolean, default `false`) - enable debug mode (do not enable on production environment)\n* `MISP_OUTPUT_COMPRESSION` (optional, boolean, 
default `true`) - enable or disable gzip or brotli output compression\n\n[Check more variables that allow MISP customization.](docs/CUSTOMIZATION.md)\n\n### Email setting\n\n* `SMTP_HOST` (optional, string) - SMTP server that will be used for sending emails. SMTP server must support STARTTLS.\n* `SMTP_PORT` (optional, int, default `25`) - the TCP port for the SMTP host. Must support STARTTLS.\n* `SMTP_USERNAME` (optional, string)\n* `SMTP_PASSWORD` (optional, string)\n* `MISP_EMAIL` (required, string) - the email address that MISP should use for all notifications\n* `MISP_EMAIL_REPLY_TO` (optional, string) - the email address that will be used in `Reply-To` header\n* `MISP_DEFAULT_PUBLISH_ALERT` (optional, bool, default `false`) - if sending event alert emails should be enabled by default to newly created users\n* `SUPPORT_EMAIL` (optional, string) - the email address that will be included in Apache error pages\n\n### PGP for email encryption and signing\n\n* `GNUPG_SIGN` (optional, boolean, default `false`) - sign outgoing emails by PGP\n* `GNUPG_PRIVATE_KEY` (optional, string) - private key used to sign emails sent by MISP\n* `GNUPG_PRIVATE_KEY_PASSWORD` (optional, string) - password for PGP private key used to sign emails sent by MISP\n* `GNUPG_BODY_ONLY_ENCRYPTED` (optional, boolean, default `false`)\n\nAlternatively, if you want to generate new PGP keys for email signing instead of\nproviding a key using `GNUPG_PRIVATE_KEY`, you can do it by running this command\ninside the container:\n\n    gpg --homedir /var/www/MISP/.gnupg --full-generate-key --pinentry-mode=loopback --passphrase \"password\"\n\n### Security\n\n* `SECURITY_SALT` (required, string) - random string (recommended at least 32 chars) used for salting hashed values (you can use `openssl rand -base64 32` output as value)\n* `SECURITY_ADVANCED_AUTHKEYS` (optional, boolean, default `false`) - enable advanced auth keys support\n* `SECURITY_HIDE_ORGS` (optional, boolean, default `false`) - hide org 
names for normal users\n* `SECURITY_ENCRYPTION_KEY` (optional, string) - encryption key with at least 32 chars that will be used to encrypt sensitive information stored in database *WARNING:* Never change this value after deployment!\n* `SECURITY_CRYPTO_POLICY` (optional, string, default `DEFAULT:NO-SHA1`) - set container wide crypto policies. [More details](https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8). Use an empty string to keep container default value.\n* `SECURITY_REST_CLIENT_ENABLE_ARBITRARY_URLS` (optional, boolean, default `false`) - enable to query any arbitrary URL via rest client (required for Workflows Webhook).\n\n### Outgoing proxy\n\nFor pulling events from another MISP or fetching feeds MISP requires access to Internet. Set these variables to use HTTP proxy for outgoing connections from MISP.\n\n* `PROXY_HOST` (optional, string) - The hostname of an HTTP proxy for outgoing sync requests. Leave empty to not use a proxy.\n* `PROXY_PORT` (optional, int, default `3128`) - The TCP port for the HTTP proxy.\n* `PROXY_METHOD` (optional, string) - The authentication method for the HTTP proxy. Currently, supported are Basic or Digest. Leave empty for no proxy authentication.\n* `PROXY_USER` (optional, string) - The authentication username for the HTTP proxy.\n* `PROXY_PASSWORD` (optional, string) - The authentication password for the HTTP proxy.\n\n### OpenID Connect (OIDC) login\n\n[Check detailed manual how to configure OIDC login](docs/OIDC.md)\n\n### ZeroMQ\n\n* `ZEROMQ_ENABLED` (optional, boolean, default `false`) - enable ZeroMQ integration, server will listen at `*:50000`\n* `ZEROMQ_USERNAME` (optional, string) - ZeroMQ server username\n* `ZEROMQ_PASSWORD` (optional, string) - ZeroMQ server password\n\n### PHP config\n\n* `PHP_SESSIONS_IN_REDIS` (optional, boolean, default `true`) - when enabled, sessions are stored in Redis. 
That provides better performance and sessions survive container restart\n* `PHP_SESSIONS_COOKIE_SAMESITE` (optional, string, default `Lax`) - sets [session.cookie_samesite](https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite), can be `Strict` or `Lax`.\n* `PHP_SNUFFLEUPAGUS` (optional, boolean, default `true`) - enable PHP hardening by using [Snuffleupagus](https://snuffleupagus.readthedocs.io) PHP extension with [rules](snuffleupagus-misp.rules) tailored to MISP (when enabled, PHP JIT will be disabled)\n* `PHP_TIMEZONE` (optional, string, default `UTC`) - sets [date.timezone](https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone)\n* `PHP_MEMORY_LIMIT` (optional, string, default `2048M`) - sets [memory_limit](https://www.php.net/manual/en/ini.core.php#ini.memory-limit)\n* `PHP_MAX_EXECUTION_TIME` (optional, int, default `300`) - sets [max_execution_time](https://www.php.net/manual/en/info.configuration.php#ini.max-execution-time) (in seconds)\n* `PHP_UPLOAD_MAX_FILESIZE` (optional, string, default `50M`) - sets [upload_max_filesize](https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize) and [post_max_size](https://www.php.net/manual/en/ini.core.php#ini.post-max-size)\n* `PHP_XDEBUG_ENABLED` (optional, boolean, default `false`) - enable [Xdebug](https://xdebug.org) PHP extension for debugging purposes (do not enable on production environment)\n* `PHP_XDEBUG_PROFILER_TRIGGER` (optional, string) - secret value for `XDEBUG_PROFILE` GET/POST variable that will enable profiling\n\n### Jobber\n\nAutomation tasks are run by [jobber](https://github.com/dshearer/jobber) application, which is managed by `supervisor`. 
Check [`.jobber`](.jobber) file for tasks definition.\n\nYou can change default configuration by modifying these environment variables:\n\n* `JOBBER_USER_ID` (optional, int, default `1`) - MISP user ID which is used in scheduled tasks by Jobber (1 is the user ID of the initial created admin@admin.test user)\n* `JOBBER_CACHE_FEEDS_TIME` (optional, string, default `0 R0-10 6,8,10,12,14,16,18`) - [Jobber time string][jobber-time-string] for cache feeds task scheduling\n* `JOBBER_FETCH_FEEDS_TIME` (optional, string, default `0 R0-10 6,8,10,12,14,16,18`) - [Jobber time string][jobber-time-string] for fetch feeds task scheduling\n* `JOBBER_PULL_SERVERS_TIME` (optional, string, default `0 R0-10 6,10,15`) - [Jobber time string][jobber-time-string] for pull servers task scheduling\n* `JOBBER_PUSH_SERVERS_TIME` (optional, string) - [Jobber time string][jobber-time-string] for pushing to servers task scheduling\n* `JOBBER_CACHE_SERVERS_TIME` (optional, string, default `0 R0-10 6,10,15`) - [Jobber time string][jobber-time-string] for cache servers task scheduling\n* `JOBBER_SCAN_ATTACHMENT_TIME` (optional, string, default `0 R0-10 6`) - [Jobber time string][jobber-time-string] for scan attachment task scheduling\n* `JOBBER_LOG_ROTATE_TIME` (optional, string, default `0 0 5`) - [Jobber time string][jobber-time-string] for log rotate task scheduling\n* `JOBBER_USER_CHECK_VALIDITY_TIME` (optional, string, default `0 0 5`) - [Jobber time string][jobber-time-string] for updating user role and org or blocking invalid users (makes sense only if `OIDC_OFFLINE_ACCESS` and `OIDC_CHECK_USER_VALIDITY` are set)\n* `JOBBER_SEND_PERIODIC_SUMMARY` (optional, string, default `0 0 6 * * 1-5`) - [Jobber time string][jobber-time-string] for sending periodic summary for users (must be just once per day)\n\nIf provided time string is empty, job will be disabled.\n\n[jobber-time-string]: https://dshearer.github.io/jobber/doc/v1.4/#time-strings\n\n### Supervisor\n\nSupervisor is used to run all 
processes within the container, you can adjust the amount of workers that should be started by modifying these variables:\n\n* `DEFAULT_WORKERS` (optional, int, default `1`) - number of default workers to start\n* `EMAIL_WORKERS` (optional, int, default `3`) - number of email workers to start\n* `CACHE_WORKERS` (optional, int, default `1`) - number of cache workers to start\n* `PRIO_WORKERS` (optional, int, default `3`) - number of prio workers to start\n* `UPDATE_WORKERS` (optional, int, default `1`) - number of update workers to start\n\nIf one of the variables is set to `0`, no workers will be started.\n\n### Extra variables\n\n* `ECS_`, `SYSLOG_` and `SENTRY_` are documented in [LOGGING.md](docs/LOGGING.md) \n* `OIDC_` are documented in [OIDC.md](docs/OIDC.md) \n* `S3_` for storing attachments in S3 compatible object storage are documented in [S3_SUPPORT.md](docs/S3_SUPPORT.md) \n\n## Container volumes\n\n* `/var/www/MISP/app/tmp/logs/` - application logs\n* `/var/www/MISP/app/files/certs/` - uploaded certificates used for accessing remote feeds and servers\n* `/var/www/MISP/app/attachments/` - uploaded attachments and malware samples\n* `/var/www/MISP/.gnupg/` - GPG homedir\n\n## License\n\nThis software is licensed under GNU General Public License version 3. MISP is licensed under GNU Affero General Public License version 3.\n\n* Copyright (C) 2022-2024 [National Cyber and Information Security Agency of the Czech Republic (NÚKIB)](https://nukib.gov.cz/en/) 🇨🇿\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNUKIB%2Fmisp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNUKIB%2Fmisp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNUKIB%2Fmisp/lists"}