EOM

One of the MISP diagnostics notes that not setting a Redis password is an "error" level fail - is there a way to set the MISP connection password in the MISP config of this container?

Hi,

I have been using MISP a lot and i used to building my own MISP docker image from the sources but now I'm very happy to use the new production ready misp-docker.

While switching to the new docker image, I notice that the misp-docker project is using nginx instead of apache. I'm not experience with nginx but I think it's a powerfull tool once one master's it.

I'm also using pymisp 2.4.190 to pull Events and attributes from MISP 2.4.192 to build custom list of IoCs to feed my FW. That was working well with my previous docker image build from the sources and using apache server.

Now, while pulling the same IoCs i see a new behaviour that i didn't have in the past, 504 Gateway Time-out. This occurs when I'm pulling a long list of IoCs using pymisp.

PyMISP displayed error
CRITICAL:pymisp:Unknown error: the response is not in JSON.
Something is broken server-side, please send us everything that follows (careful with the auth key):
Request headers:
{'User-Agent': 'PyMISP 2.4.190 - Python 3.12', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Cookie': 'CAKEPHP=', 'Content-Length': '434', 'content-type': 'application/json'}
Request body:
{"returnFormat": "json", "type": ["ip-dst", "ip-src", "url"], "tags": {"AND": ["canssoc:event-classification="generic"", "canssoc:feed"]}, "withAttachments": 0, "metadata": 0, "published": true, "enforceWarninglist": 0, "to_ids": 1, "includeEventUuid": 0, "includeEventTags": 0, "sgReferenceOnly": 0, "includeContext": 1, "headerless": 0, "includeSightings": 0, "includeDecayScore": 0, "includeCorrelations": 0, "excludeDecayed": 0}
Response (if any):

504 Gateway Time-out

I tested a bunch of configuration tweaks for timeout in following configuration file but none of them are solving the 504 error.

• /etc/nginx/nginx.conf
• /etc/nginx/sites-available/misp443
• /etc/nginx/sites-enabled/misp443
• /etc/php/7.4/fpm/pool.d/www.conf

I tried "disabling" all nginx timeout but this has no effectAny nginx pros that c

#keepalive_timeout 0; # Set to 0 for no keepalive timeout
#fastcgi_read_timeout 0s; # Set to 0s for no FastCGI read timeout

    #proxy_read_timeout 900s;
    #proxy_connect_timeout 900s;
    #proxy_send_timeout 900s;
    #uwsgi_read_timeout 900s;

    #fastcgi_connect_timeout 900s;
    #fastcgi_read_timeout 900s;
    #fastcgi_send_timeout 900s;
    keepalive_timeout 1d;
    send_timeout 1d;
    client_body_timeout 1d;
    client_header_timeout 1d;
    proxy_connect_timeout 1d;
    proxy_read_timeout 1d;
    proxy_send_timeout 1d;
    fastcgi_connect_timeout 1d;
    fastcgi_read_timeout 1d;
    fastcgi_send_timeout 1d;
    memcached_connect_timeout 1d;
    memcached_read_timeout 1d;
    memcached_send_timeout 1d;

Hello,

I'm using CoolAcid container version on my production environment, and when I start the migration to this container, I've noticed the AAD authentication is not working or not supported anymore.

I have the put all settings on config.php file and add cake module to bootstrap.php file also.

Hi,

not really sure if the bug is related to misp-docker or the original project. I haven't see this whe building from the source so that's why I'm posting it here.

I'm trying to change zmq parameters with the UI and i have a web UI error. Digging into the BE MISP logs i have following error log.

2024-06-04 14:12:03 Warning: Warning (2): copy(/var/www/MISP/app/Config/config.backup.php): failed to open stream: Permission denied in [/var/www/MISP/app/Model/Server.php, line 2557]
Trace:
ErrorHandler::handleError() - APP/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 230
copy - [internal], line ??
Server::serverSettingsSaveValue() - APP/Model/Server.php, line 2557
Server::serverSettingsEditValue() - APP/Model/Server.php, line 2500
ServersController::serverSettingsEdit() - APP/Controller/ServersController.php, line 1573
ReflectionMethod::invokeArgs() - [internal], line ??
Controller::invokeAction() - APP/Lib/cakephp/lib/Cake/Controller/Controller.php, line 499
Dispatcher::_invoke() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 193
Dispatcher::dispatch() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 101

2024-06-04 14:12:03 Error: [Exception] Could not create config backup `/var/www/MISP/app/Config/config.backup.php`.
Request URL: /servers/serverSettingsEdit/Plugin.ZeroMQ_port/2/1
Stack Trace:
#0 /var/www/MISP/app/Model/Server.php(2500): Server->serverSettingsSaveValue()
#1 /var/www/MISP/app/Controller/ServersController.php(1573): Server->serverSettingsEditValue()
#2 [internal function]: ServersController->serverSettingsEdit()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#5 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#6 /var/www/MISP/app/webroot/index.php(101): Dispatcher->dispatch()
#7 {main}

When i apply the following it works.
sudo chmod 664 /var/www/MISP/app/Config/config.backup.php

I guess this needs to be fixed somewhere, here or main project ? I guess here since your automate job will build from sources before storing the image here.

Is it possible to change the url where misp-docker runs (https://localhost) with some configuration tweak ?
I mean, the objective would be to run misp in port 8080 for example (https://localhost:8080 )
Maybe changing some param in .env or dockerfile

Hi, I was just wondering why ZeroMQ is first enabled:

Hi,

I yesterday downloaded (existing images) and tried to get the containers up and running (RHEL8). I run into a problem to get the web server up and running.

misp-core-1 | nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
misp-core-1 | sudo: unable to send audit message: Operation not permitted ### Debut msg?
misp-core-1 | Error: Setting change rejected. ### Debut msg?
misp-core-1 | The setting change was rejected. MISP considers the requested setting value as invalid and would lead to the following error:
misp-core-1 |
misp-core-1 | "Invalid baseurl, please make sure that the protocol is set."
misp-core-1 |
misp-core-1 | If you still want to force this change, please supply the --force argument.

Everything else looks fine (not running the smtp container)
Updated image names since Podman adds "localhost".

See below for diff between my config and untouched config file.
< #  mail:
< #    image: ixdotai/smtp
< #    environment:
< #      - "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
< #      - "SMARTHOST_PORT=${SMARTHOST_PORT}"
< #      - "SMARTHOST_USER=${SMARTHOST_USER}"
< #      - "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
< #      - "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"
---
>   mail:
>     image: ixdotai/smtp
>     environment:
>       - "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
>       - "SMARTHOST_PORT=${SMARTHOST_PORT}"
>       - "SMARTHOST_USER=${SMARTHOST_USER}"
>       - "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
>       - "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"
15c15
<     image: localhost/redis:7.2
---
>     image: redis:7.2
19c19
<     image: localhost/mariadb:10.11
---
>     image: mariadb:10.11
22,24c22,24
<       - "MYSQL_USER=${MYSQL_USER:-MISP_USER}"
<       - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-MISP_PWD}"
<       - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-MISP_ROOTPWD}"
---
>       - "MYSQL_USER=${MYSQL_USER:-misp}"
>       - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
>       - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
67,69c67,68
<       #- "ADMIN_EMAIL=${ADMIN_EMAIL}"
<       - "ADMIN_EMAIL=OUREMAIL@OURDOMAIN"
<       - "ADMIN_PASSWORD=OUR_PWD"
---
>       - "ADMIN_EMAIL=${ADMIN_EMAIL}"
>       - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
95,96c94,95
<       - "MYSQL_USER=${MYSQL_USER:-MISP_USER}"
<       - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-MISP_PWD}"
---
>       - "MYSQL_USER=${MYSQL_USER:-misp}"
>       - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"

Do you see any apparently wrong? Any hints welcome.

//Daniel

Using fresh installation.

misp-core-1     | Error: Setting "Security.password_policy_length" change rejected.
misp-core-1     | Provided value "12" is not a number.

CC @UFOSmuggler

Hello,

I am considering deploying the MISP Docker project on Azure Container Instances but haven't found a clear blueprint or guide for this setup. Has anyone in this community successfully deployed MISP Docker on Azure? If so, could you share any specific configurations, scripts, or strategies you used?

Here are a few specific questions I have:

Are there particular settings or modifications needed in the MISP Docker configuration to optimize it for Azure Container Instances?
Have you encountered any major challenges or limitations while running MISP Docker in this environment?
Is there existing documentation or a deployment guide that you found helpful for this process?
Any feedback or pointers you could provide would be greatly appreciated. Thank you!

I am using Splunk SOAR to POST an event tag to MISP. I have MISP docker configured on an AWS server, but something is prohibiting it from receiving the auth header. This is the error I receive. I have tried changing the httpd file to include SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1, but that has not worked. Any help would be great.

'post_data_1' on asset 'misp api' completed with status: 'failed'. Action Info: Size : 709 bytes : [{"app_name":"HTTP","asset_name":"misp api","param":{"context": {"guid": "***", "artifact_id": 0, "parent_action_run": []}, "headers": "{\n"Accept": "application/json",\n"Content-type": "application/json"\n}", "location": "addTag/", "verify_certificate": false},"status":"failed","message":"Error from server. Status Code: 403 Data from server: {"name":"Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.","message":"Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.","url":"\/events\/addTag\/\/"}"}]

https://github.com/MISP/misp-docker/blob/master/core/files/configure_misp.sh#L264

I suspect this is forced off so that if the Action_services_url is incorrect, MISP doesn't drop its lunch. However, it doesn't seem to cause an issue if set to something that doesn't exist.

Perhaps this isn't needed after all? Otherwise, every time the container comes up we have to edit the config again to turn it back on.

Is there some other reason for this I am not aware of?

Is there a way to disable MISP http redirect to https? We disabled tcp/443 within docker-compose.yml and are not able to get MISP to respond to http tcp/80 requests.

We are using MISP in MIcrosoft Azure with an Application Gateway that will be performing SSL Offloading and do not require https redirection on the backend, but... we are receiving Gateway 504 errors, i.e., backend timeouts... and we suspect it is related to what appears to be a "baked in" MISP http redirect to https that we would like to disable.

We see a MISP and MISP80 configuration within the misp-misp-core-1, but are not sure this is related to our request.

Any suggestions to remediate are greatly appreciated.

https://www.circl.lu/doc/misp/administration/#how-to-redirect-http-to-https

MISP/MISP#4405 (user claims they were able to disable https redirect and self-signed certificate, but does not include details on how)

https://githubhelp.com/harvard-itsecurity/docker-misp/issues/47
https://web.archive.org/web/20200910000555/https://github.com/harvard-itsecurity/docker-misp/issues/47

https://eugit.opencloud.lu/MISP/misp-docker/commit/c57f2669ec8f34a934fc089b2c263f607dc4bbc6#diff-35b8c13cf2eb2a194eada000eb310d65aed53b2a

• this link hints towards an option within a MISP-Docker YML configuration that predates this project
• "NOREDIR=true" #Do not redirect port 80

Hi team,

I am facing some issues when deploying behind Traefik (reverse proxy), even though I tried to route the reverse proxy (Traefik) to port 80.

my infrastructure is as follows:

• I am deploying Traefik from my main docker-compose.yml file, where I created a bridge network called "myNetwork"
• "misp-docker" is cloned, configured (.env), and deployed from other folder, but it can reach Traefik through "myNetwork"

my version of "misp-core" in docker-compose.yml is below:

  misp-core:
    image: ghcr.io/misp/misp-docker/misp-core:latest
    container_name: misp-core
    build:
      context: core/.
      args:
          - CORE_TAG=${CORE_TAG}
          - CORE_COMMIT=${CORE_COMMIT}
          - PHP_VER=${PHP_VER}
          - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
          - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
          - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
          - PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}
          - PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}
          - PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}
          - PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}
          - PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
          - PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
    depends_on:
      - redis
      - db
    #ports:
    #  - "80:80"
    #  - "443:443"
    volumes:
      - "./config-configs/:/var/www/MISP/app/Config/"
      - "./config-logs/:/var/www/MISP/app/tmp/logs/"
      - "./config-files/:/var/www/MISP/app/files/"
      - "./config-ssl/:/etc/nginx/certs/"
      - "./config-gnupg/:/var/www/MISP/.gnupg/"
      # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
      # - "${CUSTOM_PATH}/:/custom/"
    environment:
      - "BASE_URL=${BASE_URL}"
      - "CRON_USER_ID=${CRON_USER_ID}"
      - "DISABLE_IPV6=${DISABLE_IPV6}"
      # standard settings
      - "ADMIN_EMAIL=${ADMIN_EMAIL}"
      - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
      - "ADMIN_KEY=${ADMIN_KEY}"
      - "ADMIN_ORG=${ADMIN_ORG}"
      - "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
      # authentication settings
      #- "OIDC_ENABLE=${OIDC_ENABLE}"
      #- "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
      #- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
      #- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
      #- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
      #- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
      #- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
      # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
      - "SYNCSERVERS=${SYNCSERVERS}"
      - |
        SYNCSERVERS_1_DATA=
        {
          "remote_org_uuid": "${SYNCSERVERS_1_UUID}",
          "name": "${SYNCSERVERS_1_NAME}",
          "authkey": "${SYNCSERVERS_1_KEY}",
          "url": "${SYNCSERVERS_1_URL}",
          "pull": true
        }
      # mysql settings
      - "MYSQL_HOST=${MYSQL_HOST:-db}"
      - "MYSQL_PORT=${MYSQL_PORT:-3306}"
      - "MYSQL_USER=${MYSQL_USER:-misp}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
      - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.misp.rule=Host(`misp.mydomain.net`)"
      - "traefik.http.routers.misp.entrypoints=websecure"
      - "traefik.http.services.misp.loadbalancer.server.port=80"
      - "traefik.http.routers.misp.service=misp"
      - "traefik.http.routers.misp.tls=true"
      - "traefik.http.routers.misp.tls.certresolver=letsencrypt"
    networks:
      - myNetwork

my ".env" configuration is below:

##
# Build-time variables
##

CORE_TAG=v2.4.183
MODULES_TAG=v2.4.182
PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a

# PYPY_* vars take precedence over MISP's
# PYPI_REDIS_VERSION="==5.0.*"
# PYPI_LIEF_VERSION=">=0.13.1"
# PYPI_PYDEEP2_VERSION="==0.5.*"
# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"
# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"
# PYPI_MAEC_VERSION="==4.1.*"
# PYPI_MIXBOX_VERSION="==1.0.*"
# PYPI_CYBOX_VERSION="==2.1.*"
# PYPI_PYMISP_VERSION="==2.4.178"

# CORE_COMMIT takes precedence over CORE_TAG
# CORE_COMMIT=c56d537
# MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3

##
# Run-time variables
##

# Email/username for user #1, defaults to MISP's default ([email protected])
[email protected]
# name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG=mydomain
# defaults to an automatically generated one
ADMIN_KEY=
# defaults to MISP's default (admin)
ADMIN_PASSWORD=xxxxxxxxxx
# defaults to 'passphrase'
GPG_PASSPHRASE=
# defaults to 1 (the admin user)
CRON_USER_ID=
# defaults to 'https://localhost'
BASE_URL=misp.mydomain.net

# optional and used by the mail sub-system
SMARTHOST_ADDRESS=smtp.mydomain.net
SMARTHOST_PORT=587
SMARTHOST_USER=emailapikey
SMARTHOST_PASSWORD=xxxxxxxxxx
[email protected]

# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY=

# optional and used to set mysql db and credentials
MYSQL_HOST=db
# MYSQL_PORT=
MYSQL_USER=misp
MYSQL_PASSWORD=xxxxxxxxxx
# MYSQL_ROOT_PASSWORD=
MYSQL_DATABASE=misp

# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.

# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=

# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=

# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true

# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true

# Disable IPv6 completely (this setting will persist until the container is removed)
# DISABLE_IPV6=true

# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
# OIDC_ENABLE=true
# OIDC_PROVIDER_URL=
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_ROLES_PROPERTY="roles"
# OIDC_ROLES_MAPPING={"admin": "1","sync-user": "5"}
# OIDC_DEFAULT_ORG=

Core Build: v2.4.187

When the docker MISP core service starts, it deletes custom images that had been uploaded via MISP gui.

An example is organizations logo. MISP saves the images into /var/www/MISP/app/files/img/orgs/ and the entrypoint_nginx.sh set it back to the initial default set of files with rsync.

The problem seems to be in the function update_misp_data_files in entrypoint_nginx.sh that copies the default files in different places including /var/www/MISP/app/files/img/orgs/ directory by using rsync with the option --delete.

See here:

A fix could be adding img to the exception together with certs.

However, I noticed that the problem doesn't exist in build v2.4.181 and the difference is in the organizations logos directory that are saved in different paths.

• v2.4.181 -> /var/www/MISP/app/webroot/img/orgs
• v2.4.187 -> /var/www/MISP/app/files/img/orgs/

v2.4.181 has no issue because the path is not touched by rsync.

Side note, MISP now links organizations logos in the gui by using the data:image tag, while before was liking directly the image in the img tag, something changed there but I don't know when.

Given that, might worth having a look at other changes that could relate to the volume mount and entrypoint process.

EDIT
Found the change:

fix: [security] Org image upload moved out of webroot

• images will no longer be accessible directly, only via inclusion via file-read/b64 encoding
• The new store for org images is MISP/app/files/img/orgs - As reported by Yusuke Nakajim

https://github.com/MISP/MISP/blame/0fb58cff4466f2a685063932e99e0ea7bea28280/app/Model/AppModel.php#L4244

Configurations are lost if MISP containers are recreated after an update or modification. Due to this, too many things need to be re-configured after updating a running system.

The MISP Image should enable the MISP.system_setting_db config parameter by default during build.

The other option will be to provide an environment variable in the .env file to affect this parameter, and to set it by default to true in template.env.

MISP.system_setting_db is a CLI-only configuration and can't be modified via the web UI. #60 describes this issue further.

Hello
I cannot build the docker because I get
tting up nginx (1.18.0-6.1+deb11u3) ...
Processing triggers for libc-bin (2.31-13+deb11u7) ...
Processing triggers for ca-certificates (20210119) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Processing triggers for php7.4-cli (7.4.33-1+deb11u4) ...
Processing triggers for php7.4-fpm (7.4.33-1+deb11u4) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Removing intermediate container f4ce4511c89c
---> b8f91fdc9f02
Step 42/53 : COPY --from=python-build /wheels /wheels
ERROR: Service 'misp-core' failed to build: COPY failed: stat wheels: file does not exist

Please how to debug and correct ?

https://github.com/MISP/misp-docker/blame/5d641c75e4d8f0d68579cc3450b193e7202f8d1b/core/files/entrypoint_nginx.sh#L83C75-L83C75

Hi, we're seeing an issue where if we restart the container, the contents of database.php gets wiped - I suspect it's due to the entrypoint_nginx.sh script being run by supervisord in / - where the /tmp directory already exists.

I tried to enable OIDC auth and receive an error message.

On container logs, nothing is mentioned.

I set up my variables under .env file

Looking at the docs (https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md), is mentioned a installation of a library

cd app
php composer.phar require jakub-onderka/openid-connect-php:1.0.0-rc1
But if I install this I believe will not persist at container restart.

Hello,

containers fail to start as SElinux prevents the process inside the container to change files and the following kind of message is present in audit.log:

type=AVC msg=audit(1710253700.452:2073): avc:  denied  { write } for  pid=28867 comm="supervisord" name="logs" dev="sda1" ino=3114063 scontext=system_u:system_r:container_t:s0:c664,c930 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0

The solution is to add the option "z" or "Z" to the mounts:

• z: SELinux option indicating that the bind mount host content is shared among multiple containers.
• Z: SELinux option indicating that the bind mount host content is private and unshared for other containers.

Source: https://docs.docker.com/compose/compose-file/05-services/#volumes

Patch:

diff --git a/docker-compose.yml b/docker-compose.yml
index 96cdde7..2367ed5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
       - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
       - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
     volumes:
-      - mysql_data:/var/lib/mysql
+      - mysql_data:/var/lib/mysql:Z
     cap_add:
       - SYS_NICE  # CAP_SYS_NICE Prevent runaway mysql log

@@ -52,11 +52,11 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - "./configs/:/var/www/MISP/app/Config/"
-      - "./logs/:/var/www/MISP/app/tmp/logs/"
-      - "./files/:/var/www/MISP/app/files/"
-      - "./ssl/:/etc/nginx/certs/"
-      - "./gnupg/:/var/www/MISP/.gnupg/"
+      - "./configs/:/var/www/MISP/app/Config/:Z"
+      - "./logs/:/var/www/MISP/app/tmp/logs/:Z"
+      - "./files/:/var/www/MISP/app/files/:Z"
+      - "./ssl/:/etc/nginx/certs/:Z"
+      - "./gnupg/:/var/www/MISP/.gnupg/:Z"
       # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
       # - "${CUSTOM_PATH}/:/custom/"
       # mount custom ca root certificates

Step 9/53 : ADD https://raw.githubusercontent.com/MISP/MISP/${CORE_COMMIT:-${CORE_TAG}}/app/composer.json /tmp
ERROR: Service 'misp-core' failed to build: ADD failed: failed to GET https://raw.githubusercontent.com/MISP/MISP//app/composer.json with status 404 Not Found: 404: Not Found

Image: v2.4.193
Environment: k8s

My pod gets stuck awaiting on await_system_settings_table.

I noticed the systems_settings table is not part of the initial installation script in the official MISP https://github.com/MISP/MISP/blob/v2.4.193/INSTALL/MYSQL.sql but as part of the app model update https://github.com/MISP/MISP/blob/462088e88698bac16aee1b266850dc8931e5987e/app/Model/AppModel.php#L1654. So, wondering if this CLI configuration step https://github.com/MISP/misp-docker/blob/master/core/files/configure_misp.sh#L438C1-L438C76 should be executed at a later stage

Hello,

I just pulled the docker image to setup a MISP instance.

Most of the things work fine but while fetching and caching the various feed, I receive alot of MySQL errors.
Strangely some feeds are finished without any problems and events are published.

I havent modified the MySQL settings in .env.

Something I am missing or is it RTFM error?

Error: Error: Database connection "Mysql" is missing, or could not be created.
[(Click to hide stack trace)](https://10.10.1.10/jobs/index#)
Error: Database connection "Mysql" is missing, or could not be created.
#0 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(278): Mysql->connect()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/ConnectionManager.php(105): DboSource->__construct()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(3659): ConnectionManager::getDataSource()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1162): Model->setDataSource()
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(3686): Model->setSource()
#5 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1394): Model->getDataSource()
#6 /var/www/MISP/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php(283): Model->schema()
#7 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/BehaviorCollection.php(145): SysLogLogableBehavior->setup()
#8 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/BehaviorCollection.php(66): BehaviorCollection->load()
#9 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(781): BehaviorCollection->init()
#10 /var/www/MISP/app/Model/AppModel.php(113): Model->__construct()
#11 /var/www/MISP/app/Model/User.php(239): AppModel->__construct()
#12 [internal function]: User->__construct()
#13 /var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/ClassRegistry.php(169): ReflectionClass->newInstance()
#14 /var/www/MISP/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php(279): ClassRegistry::init()
#15 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/BehaviorCollection.php(145): SysLogLogableBehavior->setup()
#16 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/BehaviorCollection.php(66): BehaviorCollection->load()
#17 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(781): BehaviorCollection->init()
#18 /var/www/MISP/app/Model/AppModel.php(113): Model->__construct()
#19 /var/www/MISP/app/Model/Server.php(191): AppModel->__construct()
#20 [internal function]: Server->__construct()
#21 /var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/ClassRegistry.php(169): ReflectionClass->newInstance()
#22 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/Shell.php(316): ClassRegistry::init()
#23 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/Shell.php(269): Shell->loadModel()
#24 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/Shell.php(228): Shell->_loadModels()
#25 /var/www/MISP/app/Console/Command/AppShell.php(42): Shell->initialize()
#26 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(221): AppShell->initialize()
#27 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
#28 /var/www/MISP/app/Console/cake.php(45): ShellDispatcher::run()
#29 {main}

Thx for any hint!

Hi there! Great work on dockerizing MISP, much appreciated! I worked with an older version of misp-docker and today updated to this much new version. I've copied the .env and edited all the corresponding variables. All containers are running nicely after a docker compose up, but I can not access MISP outside of the localhost. Since I can not find the POSTFIX_RELAY_HOST=relay.fqdn option that was present in the previous version, I assume that would cause this problem. Any thoughts on how to fix this?

I redacted the IP, but my hostname is:
HOSTNAME=http://111.222.333.444

Docker version 24.0.7, build afdd53b

Hi - Not sure if this is the right forum, thought I would post here.
I have tried to Install MISP using Docker and was following the guide and online help.

Everything went well, until when I run docker-compose up, I see the log below:
.
.
.
.
.................+............................+..............................................................................................................................................................................................................................+...............................................++++++++
... nginx docroot set to /var/www/html/
INIT | Initialize MISP files and configurations ...
... initialize configuration files
13+1 records in
13+1 records out
6960 bytes (7.0 kB, 6.8 KiB) copied, 0.000132196 s, 52.6 MB/s
4+1 records in
4+1 records out
2541 bytes (2.5 kB, 2.5 KiB) copied, 8.5601e-05 s, 29.7 MB/s
21+1 records in
21+1 records out
10814 bytes (11 kB, 11 KiB) copied, 0.000159795 s, 67.7 MB/s
31+1 records in
31+1 records out
15928 bytes (16 kB, 16 KiB) copied, 0.000204977 s, 77.7 MB/s
5+1 records in
5+1 records out
3002 bytes (3.0 kB, 2.9 KiB) copied, 9.7076e-05 s, 30.9 MB/s
5+1 records in
5+1 records out
2618 bytes (2.6 kB, 2.6 KiB) copied, 0.000135026 s, 19.4 MB/s
... initialize database.php settings
... initialize email.php settings
... initialize app files
INIT | Update MISP app/files directory ...
... rsync -azh --delete "/var/www/MISP/app/files.dist/browscap" "/var/www/MISP/app/files/"
... rsync -azh "/var/www/MISP/app/files.dist/certs" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/community-metadata" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/empty" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/feed-metadata" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/geo-open" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/img" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-decaying-models" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-galaxy" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-objects" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/misp-workflow-blueprints" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/noticelists" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/scripts" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/taxonomies" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/terms" "/var/www/MISP/app/files/"
... rsync -azh --delete "/var/www/MISP/app/files.dist/warninglists" "/var/www/MISP/app/files/"
INIT | Enforce MISP permissions ...
... chown -R www-data:www-data /var/www/MISP/app/tmp
... chmod -R 0550 files /var/www/MISP/app/tmp
... chmod -R 0770 directories /var/www/MISP/app/tmp
... chmod -R u+w,g+w /var/www/MISP/app/tmp
... chown -R www-data:www-data /var/www/MISP/app/files
... chmod -R 0550 files /var/www/MISP/app/files
... chmod -R 0770 directories /var/www/MISP/app/files
... chmod -R u+w,g+w /var/www/MISP/app/files
... chown -R www-data:www-data /var/www/MISP/app/Config
... chmod -R 0550 files /var/www/MISP/app/Config ...
... chmod -R 0770 directories /var/www/MISP/app/Config
... chmod 600 /var/www/MISP/app/Config/{config,database,email}.php
INIT | Flip NGINX live ...
... nginx docroot set to /var/www/MISP/app/webroot
... nginx reloaded
INIT | Configure MISP installation ...
MISP | Update CA certificates ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
MISP | Initialize configuration ...
... configuring default settings
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Initialize workers ...
... configuring background workers
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
... starting background workers
2024-02-29 17:15:11,269 INFO spawned: 'default_00' with pid 851
2024-02-29 17:15:11,272 INFO spawned: 'default_01' with pid 852
2024-02-29 17:15:11,275 INFO spawned: 'default_02' with pid 854
2024-02-29 17:15:11,275 INFO exited: default_00 (exit status 127; not expected)
2024-02-29 17:15:11,277 INFO spawned: 'default_03' with pid 855
2024-02-29 17:15:11,280 INFO spawned: 'default_04' with pid 856
2024-02-29 17:15:11,280 INFO exited: default_01 (exit status 127; not expected)
2024-02-29 17:15:11,287 INFO spawned: 'email_00' with pid 857
2024-02-29 17:15:11,288 INFO exited: default_03 (exit status 127; not expected)
2024-02-29 17:15:11,288 INFO exited: default_04 (exit status 127; not expected)
2024-02-29 17:15:11,290 INFO spawned: 'email_01' with pid 858
2024-02-29 17:15:11,292 INFO spawned: 'email_02' with pid 859
2024-02-29 17:15:11,292 INFO exited: default_02 (exit status 127; not expected)
2024-02-29 17:15:11,294 INFO spawned: 'email_03' with pid 860
2024-02-29 17:15:11,301 INFO spawned: 'email_04' with pid 861
2024-02-29 17:15:11,302 INFO exited: email_00 (exit status 127; not expected)
2024-02-29 17:15:11,302 INFO exited: email_02 (exit status 127; not expected)
2024-02-29 17:15:11,304 INFO spawned: 'cache_00' with pid 862
2024-02-29 17:15:11,312 INFO spawned: 'cache_01' with pid 863
2024-02-29 17:15:11,312 INFO exited: email_01 (exit status 127; not expected)
2024-02-29 17:15:11,313 INFO exited: email_03 (exit status 127; not expected)
2024-02-29 17:15:11,313 INFO exited: cache_00 (exit status 127; not expected)
2024-02-29 17:15:11,315 INFO spawned: 'cache_02' with pid 864
2024-02-29 17:15:11,316 INFO exited: cache_01 (exit status 127; not expected)
2024-02-29 17:15:11,318 INFO spawned: 'cache_03' with pid 865
2024-02-29 17:15:11,323 INFO spawned: 'cache_04' with pid 866
2024-02-29 17:15:11,324 INFO exited: email_04 (exit status 127; not expected)
2024-02-29 17:15:11,328 INFO spawned: 'prio_00' with pid 867
2024-02-29 17:15:11,328 INFO exited: cache_02 (exit status 127; not expected)
2024-02-29 17:15:11,329 INFO exited: cache_03 (exit status 127; not expected)
2024-02-29 17:15:11,331 INFO spawned: 'prio_01' with pid 869
2024-02-29 17:15:11,331 INFO exited: cache_04 (exit status 127; not expected)
2024-02-29 17:15:11,333 INFO spawned: 'prio_02' with pid 870
2024-02-29 17:15:11,336 INFO spawned: 'prio_03' with pid 871
2024-02-29 17:15:11,341 INFO spawned: 'prio_04' with pid 873
2024-02-29 17:15:11,341 INFO exited: prio_00 (exit status 127; not expected)
2024-02-29 17:15:11,346 INFO spawned: 'update_00' with pid 874
2024-02-29 17:15:11,347 INFO exited: prio_01 (exit status 127; not expected)
2024-02-29 17:15:11,348 INFO exited: prio_02 (exit status 127; not expected)
2024-02-29 17:15:11,348 INFO exited: prio_03 (exit status 127; not expected)
2024-02-29 17:15:11,351 INFO exited: prio_04 (exit status 127; not expected)
2024-02-29 17:15:11,355 INFO exited: update_00 (exit status 127; not expected)
2024-02-29 17:15:12,358 INFO spawned: 'default_00' with pid 875
2024-02-29 17:15:12,360 INFO spawned: 'default_01' with pid 876
2024-02-29 17:15:12,362 INFO spawned: 'default_02' with pid 877
2024-02-29 17:15:12,364 INFO spawned: 'default_03' with pid 878
2024-02-29 17:15:12,366 INFO spawned: 'default_04' with pid 879
2024-02-29 17:15:12,368 INFO spawned: 'email_00' with pid 880
2024-02-29 17:15:12,370 INFO spawned: 'email_01' with pid 881
2024-02-29 17:15:12,372 INFO spawned: 'email_02' with pid 882
2024-02-29 17:15:12,384 INFO spawned: 'email_03' with pid 883
2024-02-29 17:15:12,385 INFO spawned: 'email_04' with pid 884
2024-02-29 17:15:12,387 INFO spawned: 'cache_00' with pid 885
2024-02-29 17:15:12,389 INFO spawned: 'cache_01' with pid 886
2024-02-29 17:15:12,391 INFO spawned: 'cache_02' with pid 887
2024-02-29 17:15:12,393 INFO spawned: 'cache_03' with pid 888
2024-02-29 17:15:12,395 INFO spawned: 'cache_04' with pid 889
2024-02-29 17:15:12,408 INFO spawned: 'prio_00' with pid 891
2024-02-29 17:15:12,410 INFO spawned: 'prio_01' with pid 892
2024-02-29 17:15:12,412 INFO spawned: 'prio_02' with pid 893
2024-02-29 17:15:12,414 INFO spawned: 'prio_03' with pid 894
2024-02-29 17:15:12,416 INFO spawned: 'prio_04' with pid 895
2024-02-29 17:15:12,418 INFO spawned: 'update_00' with pid 896
2024-02-29 17:15:12,424 INFO exited: default_00 (exit status 127; not expected)
2024-02-29 17:15:12,424 INFO exited: default_01 (exit status 127; not expected)
2024-02-29 17:15:12,424 INFO exited: default_02 (exit status 127; not expected)
2024-02-29 17:15:12,424 INFO exited: default_03 (exit status 127; not expected)
2024-02-29 17:15:12,424 INFO exited: default_04 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: email_00 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: email_01 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: email_02 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: email_03 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: email_04 (exit status 127; not expected)
2024-02-29 17:15:12,425 INFO exited: cache_00 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: cache_01 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: cache_02 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: cache_03 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: cache_04 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: prio_00 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: prio_02 (exit status 127; not expected)
2024-02-29 17:15:12,426 INFO exited: prio_04 (exit status 127; not expected)
2024-02-29 17:15:12,427 INFO exited: update_00 (exit status 127; not expected)
2024-02-29 17:15:12,431 INFO exited: prio_03 (exit status 127; not expected)
misp-workers:default_00: ERROR (spawn error)
misp-workers:default_01: ERROR (spawn error)
misp-workers:default_02: ERROR (spawn error)
misp-workers:default_03: ERROR (spawn error)
misp-workers:default_04: ERROR (spawn error)
misp-workers:email_00: ERROR (spawn error)
misp-workers:email_01: ERROR (spawn error)
misp-workers:email_02: ERROR (spawn error)
misp-workers:email_03: ERROR (spawn error)
misp-workers:email_04: ERROR (spawn error)
misp-workers:cache_00: ERROR (spawn error)
misp-workers:cache_01: ERROR (spawn error)
misp-workers:cache_02: ERROR (spawn error)
misp-workers:cache_03: ERROR (spawn error)
misp-workers:cache_04: ERROR (spawn error)
misp-workers:prio_00: ERROR (spawn error)
misp-workers:prio_01: ERROR (spawn error)
misp-workers:prio_02: ERROR (spawn error)
misp-workers:prio_03: ERROR (spawn error)
misp-workers:prio_04: ERROR (spawn error)
misp-workers:update_00: ERROR (spawn error)
2024-02-29 17:15:12,435 INFO exited: prio_01 (exit status 127; not expected)
MISP | Configure GPG key ...
... generating new GPG key in /var/www/MISP/.gnupg
gpg: WARNING: unsafe permissions on homedir '/var/www/MISP/.gnupg'
gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created
gpg: Generating a basic OpenPGP key
2024-02-29 17:15:14,468 INFO spawned: 'default_00' with pid 903
2024-02-29 17:15:14,470 INFO spawned: 'default_01' with pid 904
2024-02-29 17:15:14,472 INFO spawned: 'default_02' with pid 905
2024-02-29 17:15:14,475 INFO spawned: 'default_03' with pid 906
2024-02-29 17:15:14,477 INFO spawned: 'default_04' with pid 907
2024-02-29 17:15:14,481 INFO spawned: 'email_00' with pid 908
2024-02-29 17:15:14,485 INFO spawned: 'email_01' with pid 909
2024-02-29 17:15:14,489 INFO spawned: 'email_02' with pid 911
2024-02-29 17:15:14,492 INFO spawned: 'email_03' with pid 912
2024-02-29 17:15:14,494 INFO spawned: 'email_04' with pid 913
2024-02-29 17:15:14,496 INFO spawned: 'cache_00' with pid 914
2024-02-29 17:15:14,498 INFO spawned: 'cache_01' with pid 915
2024-02-29 17:15:14,514 INFO spawned: 'cache_02' with pid 916
2024-02-29 17:15:14,516 INFO spawned: 'cache_03' with pid 917
2024-02-29 17:15:14,524 INFO spawned: 'cache_04' with pid 918
2024-02-29 17:15:14,526 INFO spawned: 'prio_00' with pid 919
2024-02-29 17:15:14,531 INFO spawned: 'prio_01' with pid 921
2024-02-29 17:15:14,533 INFO spawned: 'prio_02' with pid 922
2024-02-29 17:15:14,537 INFO spawned: 'prio_03' with pid 923
2024-02-29 17:15:14,539 INFO spawned: 'prio_04' with pid 924
2024-02-29 17:15:14,541 INFO spawned: 'update_00' with pid 925
2024-02-29 17:15:14,542 INFO exited: default_00 (exit status 127; not expected)
2024-02-29 17:15:14,543 INFO exited: default_01 (exit status 127; not expected)
2024-02-29 17:15:14,543 INFO exited: default_02 (exit status 127; not expected)
2024-02-29 17:15:14,543 INFO exited: default_03 (exit status 127; not expected)
2024-02-29 17:15:14,543 INFO exited: default_04 (exit status 127; not expected)
2024-02-29 17:15:14,544 INFO exited: email_00 (exit status 127; not expected)
2024-02-29 17:15:14,544 INFO exited: email_01 (exit status 127; not expected)
2024-02-29 17:15:14,544 INFO exited: email_02 (exit status 127; not expected)
2024-02-29 17:15:14,544 INFO exited: email_03 (exit status 127; not expected)
2024-02-29 17:15:14,544 INFO exited: email_04 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: cache_00 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: cache_01 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: cache_02 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: cache_03 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: cache_04 (exit status 127; not expected)
2024-02-29 17:15:14,545 INFO exited: prio_00 (exit status 127; not expected)
2024-02-29 17:15:14,556 INFO exited: prio_02 (exit status 127; not expected)
2024-02-29 17:15:14,556 INFO exited: prio_04 (exit status 127; not expected)
2024-02-29 17:15:14,556 INFO exited: update_00 (exit status 127; not expected)
2024-02-29 17:15:14,560 INFO exited: prio_01 (exit status 127; not expected)
2024-02-29 17:15:14,563 INFO exited: prio_03 (exit status 127; not expected)
gpg: /var/www/MISP/.gnupg/trustdb.gpg: trustdb created
gpg: key E60F190CB85C87B6 marked as ultimately trusted
gpg: directory '/var/www/MISP/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/www/MISP/.gnupg/openpgp-revocs.d/3125DFF454ADD85C4DFCA8B6E60F190CB85C87B6.rev'
gpg: Done
... exporting GPG key
gpg: Fatal: can't create directory '/var/www/MISP/.gnupg': Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Apply updates ...
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Init default user and organization ...
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
... admin user key auto generation disabled
... setting admin password skipped
MISP | Resolve critical issues ...
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /usr/bin/php: Permission denied
sudo: unable to execute /usr/bin/php: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Resolve non-critical issues ...
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Create sync servers ...
... admin key auto configuration is required to configure sync servers
MISP | Update components ...
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
MISP | Set Up OIDC ...
... OIDC authentication disabled
MISP | Set Up LDAP ...
... LDAP authentication disabled
MISP | Mark instance live
sudo: unable to execute /var/www/MISP/app/Console/cake: Permission denied
2024-02-29 17:15:18,539 INFO spawned: 'default_00' with pid 1006
2024-02-29 17:15:18,542 INFO spawned: 'default_01' with pid 1007
2024-02-29 17:15:18,544 INFO spawned: 'default_02' with pid 1008
2024-02-29 17:15:18,546 INFO spawned: 'default_03' with pid 1009
2024-02-29 17:15:18,548 INFO spawned: 'default_04' with pid 1010
2024-02-29 17:15:18,550 INFO spawned: 'email_00' with pid 1011
2024-02-29 17:15:18,552 INFO spawned: 'email_01' with pid 1012
2024-02-29 17:15:18,554 INFO spawned: 'email_02' with pid 1013
2024-02-29 17:15:18,559 INFO spawned: 'email_03' with pid 1014
2024-02-29 17:15:18,561 INFO spawned: 'email_04' with pid 1015
2024-02-29 17:15:18,569 INFO spawned: 'cache_00' with pid 1016
2024-02-29 17:15:18,573 INFO spawned: 'cache_01' with pid 1018
2024-02-29 17:15:18,576 INFO spawned: 'cache_02' with pid 1019
2024-02-29 17:15:18,578 INFO spawned: 'cache_03' with pid 1020
2024-02-29 17:15:18,588 INFO spawned: 'cache_04' with pid 1021
2024-02-29 17:15:18,590 INFO spawned: 'prio_00' with pid 1022
2024-02-29 17:15:18,592 INFO spawned: 'prio_01' with pid 1023
2024-02-29 17:15:18,595 INFO spawned: 'prio_02' with pid 1024
2024-02-29 17:15:18,597 INFO spawned: 'prio_03' with pid 1025
2024-02-29 17:15:18,599 INFO spawned: 'prio_04' with pid 1026
2024-02-29 17:15:18,601 INFO spawned: 'update_00' with pid 1027
2024-02-29 17:15:18,602 INFO exited: default_00 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: default_01 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: default_02 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: default_03 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: default_04 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: email_00 (exit status 127; not expected)
2024-02-29 17:15:18,603 INFO exited: email_01 (exit status 127; not expected)
2024-02-29 17:15:18,604 INFO exited: email_02 (exit status 127; not expected)
2024-02-29 17:15:18,604 INFO exited: email_03 (exit status 127; not expected)
2024-02-29 17:15:18,604 INFO exited: email_04 (exit status 127; not expected)
2024-02-29 17:15:18,604 INFO exited: cache_00 (exit status 127; not expected)
2024-02-29 17:15:18,604 INFO exited: cache_01 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: cache_02 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: cache_03 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: cache_04 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: prio_00 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: prio_01 (exit status 127; not expected)
2024-02-29 17:15:18,609 INFO exited: prio_03 (exit status 127; not expected)
2024-02-29 17:15:18,610 INFO exited: prio_04 (exit status 127; not expected)
2024-02-29 17:15:18,615 INFO gave up: default_00 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: default_01 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: default_02 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: default_03 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: default_04 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: email_00 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: email_01 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: email_02 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: email_03 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: email_04 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: cache_00 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,615 INFO gave up: cache_01 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: cache_02 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: cache_03 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: cache_04 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: prio_00 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: prio_01 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: prio_03 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: prio_04 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO exited: prio_02 (exit status 127; not expected)
2024-02-29 17:15:18,616 INFO exited: update_00 (exit status 127; not expected)
2024-02-29 17:15:18,616 INFO gave up: prio_02 entered FATAL state, too many start retries too quickly
2024-02-29 17:15:18,616 INFO gave up: update_00 entered FATAL state, too many start retries too quickly
.
.
.
.
.
.

Could anyone help me here?

Just wondering if i want to install shibd service in misp core?
How would i achieve this?

Is it possible to add this to misp core container to support user to configure SAML login?

looks like there is a mistake in the regex here?
RUN sed -i s/LoadLibrary(LOAD_LIB)/LoadLibrary("\/usr\/local\/lib\/libfaupl.so")/ \

I am planning to build the individual image and push to ecr. while building the misp-modules image I get below error:

=> ERROR [stage-1 7/7] RUN sed -i '/import sys/a import warnings\nwarnings.warn = lambda *args, **kwargs: None' /usr/local/bin/misp-modules 0.3s

[stage-1 7/7] RUN sed -i '/import sys/a import warnings\nwarnings.warn = lambda *args, **kwargs: None' /usr/local/bin/misp-modules:
0.296 sed: can't read /usr/local/bin/misp-modules: No such file or directory

Dockerfile:83

82 | # Disable (all) warnings raised when using 'future'
83 | >>> RUN sed -i '/import sys/a import warnings\nwarnings.warn = lambda *args, **kwargs: None'
84 | >>> /usr/local/bin/misp-modules
85 |

ERROR: failed to solve: process "/bin/sh -c sed -i '/import sys/a import warnings\nwarnings.warn = lambda *args, **kwargs: None' /usr/local/bin/misp-modules" did not complete successfully: exit code: 2

Check the Image in VS Code.

Description

On enabling a feed, there's a strange transparent screen showing:

I get the following error on Firefox's console:

Uncaught SyntaxError: redeclaration of let keyboardShortcutsManager
    <anonymous> http://veille.eqima.org/js/keyboard-shortcuts.js:1

Environment

• Firefox version 124.0.2 (64-bit)
• Ubuntu 22.04
• Current master branch of misp-docker
• Using nginx Reverse proxy, but I already tried to set BASE_URL to bare IP address and it still doesn't solve the issue.

Notable environment variable:

• DISABLE_IPV6=true
• DISABLE_SSL_REDIRECT=false
• OIDC_ENABLE=false
• LDAP_ENABLE=false

Hi,
Quite new to handling docker contains (but also new to MISP).

Everything builds as expected but I have a question. Can you implement to docker_compose.yml for static IP settings?
I will go for settings up a proxy on the host, thus wanting a static IP for the interface.

It would be great if you guys have a simple workaround to get statis IP assigned, while not implemented in the docker_compose.yml file.

All the best,
Daniel

Right now email.php values are hard coded forcing user to use the mail subsystem in docker-compose.
While this is handy for local deployments, it's not suitable when you want to use the image in a different environment like k8s or even docker-compose deployment where another smtp service already exists.

Both misp-core and misp-modules have an outdated Debian distribution hardcoded in their Dockerfile, forcing use of Debian 11 instead of Debian 12 (Or latest stable release):

We currently are evaluating the misp-{docker,modules} v2.4.186 containers to replace our existing misp installation (based on the coolacid containers), and we are running into an issue with the workers.

Observed behaviour

The container boots, and fires up the workers, all is good:

2024-03-06 14:03:26 Info: [WORKER PID: 1036][default] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1043][email] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1049][email] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1038][default] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1039][default] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1045][email] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1041][default] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1037][default] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1069][cache] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1055][email] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1098][prio] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1066][cache] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1059][email] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1063][cache] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1075][cache] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1091][prio] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1100][prio] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1095][prio] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1111][prio] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1082][cache] - starting to process background jobs...
2024-03-06 14:03:26 Info: [WORKER PID: 1134][update] - starting to process background jobs...

24 hours later, the workers are gracefully killed:

2024-03-07 14:03:50 Info: [WORKER PID: 1036][default] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1043][email] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1049][email] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1038][default] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1039][default] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1037][default] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1041][default] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1045][email] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1069][cache] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1063][cache] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1098][prio] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1091][prio] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1055][email] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1059][email] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1066][cache] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1100][prio] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1111][prio] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1134][update] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1075][cache] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1082][cache] - worker max execution time reached, exiting gracefully worker...
2024-03-07 14:03:51 Info: [WORKER PID: 1095][prio] - worker max execution time reached, exiting gracefully worker...

However, the workers are not started again, and we need to restart the container to get back the workers.

Expected behaviour:

The misp-core container manages its workers without any intervention OR a procedure is provided on how to restart the workers.

Configuration

We use a modified setup based on the docker-compose setup, but by using systemd unit files. The containers are rebuilt using the following Dockerfile:

FROM ghcr.io/misp/misp-docker/misp-core:v2.4.186

RUN \
    mkdir -p /var/www/MISP/app/files.dist/misp-objects/objects/phish-healthcare && \
    apt update && \
    apt -qqy install less && \
    apt clean

COPY files/phish-healthcare.json /var/www/MISP/app/files.dist/misp-objects/objects/phish-healthcare/definition.json

The unit file we use to start this container is as follows:

[Unit]
Description=MISP core running inside of docker
After=network.target
[Service]
Type=simple
ExecStartPre=/bin/bash -c "cat /etc/image-pull-secret.txt | docker login -u xxyyzz --password-stdin aa.bb.cc:5050"
ExecStart=/usr/bin/docker run \
  --rm \
  --name misp-core \
  --network host \
  --env-file /etc/misp/core.env \
  -v /etc/misp/config:/var/www/MISP/app/Config \
  -v /etc/misp/customization:/var/www/MISP/app/webroot/img/custom \
  -v /var/log/misp:/var/www/MISP/app/tmp/logs \
  -v /var/lib/misp:/var/www/MISP/app/files \
  -v /etc/misp/gnupg:/var/www/MISP/.gnupg \
  -v /etc/easytls/certs/misp.cert:/etc/nginx/certs/cert.pem \
  -v /etc/easytls/certs/misp.key:/etc/nginx/certs/key.pem \
  aa.bb.cc:5050/docker/misp-core:10
ExecStop=/usr/bin/docker kill misp-core
TimeoutStartSec=0
Restart=always
RestartSec=3s
[Install]
WantedBy=default.target

The corresponding env file contains the following:

[email protected]
ADMIN_ORG=AAABBBCCC
ADMIN_KEY=
ADMIN_PASSWORD=secret
GPG_PASSPHRASE=passphrase
CRON_USER_ID=1
BASE_URL=https://misp01.aa.bb.cc
SMARTHOST_ADDRESS=mail01.aa.bb.cc
[email protected]
[email protected]
AUTOCONF_GPG=False
AUTOGEN_ADMIN_KEY=True
DISABLE_IPV6=True
MYSQL_HOST=mysql.aa.bb.cc
MYSQL_PORT=3306
MYSQL_USER=misp
MYSQL_PASSWORD=secret
MYSQL_DATABASE=misp
REDIS_FQDN=localhost

Actual behavior

After adding authentication certificates to one of our remote server and reloading the container the certificates disapears in the folder /var/www/MISP/app/files/certs/

It seems that this function is executed at each container startup core/files/entrypoint_nginx.sh:

update_misp_data_files(){
    for DIR in $(ls /var/www/MISP/app/files.dist); do
        echo "... rsync -azh --delete \"/var/www/MISP/app/files.dist/$DIR\" \"/var/www/MISP/app/files/\""
        rsync -azh --delete "/var/www/MISP/app/files.dist/$DIR" "/var/www/MISP/app/files/"
    done
}

--delete: This option tells rsync to delete files in the destination directory (/var/www/MISP/app/files/) that do not exist in the source directory (/var/www/MISP/app/files.dist/certs).
This result deleting all custom certificates in (/var/www/MISP/app/files/certs).

In the startup logs:

rsync -azh --delete "/var/www/MISP/app/files.dist/certs" "/var/www/MISP/app/files/"

Expected behavior

The Certificates should remain in /var/www/MISP/app/files/certs/ after rebooting the MISP Docker container.

Steps to reproduce

1. Set server/client certificates for a remote server.
2. docker compose down
3. docker compose up
4. Try any sync process, a connection test to a remote server after

You would get a Connection Timeout:

Operating System

Centos

Operating System version

8

Core Build: v2.4.188

Description
When starting the core container the files/taxonomies directory is overwritten by entrypoint_nginx.sh. This seems to prevent the user from provisioning custom taxonomies to MISP.

Related issues
#31
#16
#17

Can this be fixed by applying a similar exception as used in the related issues, or am I misunderstanding how taxonomies should be provided?

Step 42/53 : COPY --from=python-build /wheels /wheels
ERROR: Service 'misp-core' failed to build: COPY failed: stat wheels: file does not exist

There seems to be no way to instantiate a misp-core container with debug mode enabled.

While it is possible to enable debug mode through the UI, it may not always be usable. Consider the case where the container is broken and fails to authenticate despite showing the web UI. In such a case, it's tedious to login into the container to enable debug mode over the shell. It would be convenient if we could respin the container in debug mode amd look at the debug error logs shown on the web UI.

This can be fixed by adding a dedicated "MISP_DEBUG" variable in the .env file.

Obviously, enabling debug mode in a production environment is unsafe, so documentation should appropriately warn of the risk.

Context

Currently it is possible to use Redis over TLS by appending tls:// to the REDIS_FQDN environment variable, which even if not present in the template.env file, is available in the code:

Error

Unfortunately, the entrypoint_fpm.sh file hardcodes the tcp:// prefix in the FQDN:

Hello,

I am trying to integrate MISP feed into Microsoft Sentinel. For that I need to get an Auth Key for being able to use the misp2Sentinel script.

I'm getting an error 500 when I do that :

Do you have any clue about the problem ?

Having this repo also build a image for misp-guard would be nice - https://github.com/MISP/misp-guard/

nginx seems to fail with the core.
after following the simple path to get something running. I was unable to connect to the web interface.  After some poking
docker logs -f ID

I found the log appeard to be repeading itself. ( rsync, chown, Init Flipping nginx ) over and over.
connecting to the image with bash and looking at   /var/log/nginx/error.log shows Lots of
[notice] 70257#70257: signal process started
[error] 70257#70257: open() "/run/nginx.pid" failed (2: No such file or directory
[emerg] 70172#70172: socket() [::]:443 failed (97: Address family not supported by protocol)

Problem

Our current MISP deployment is based on the no longer supported coolacid/docker-misp image. Due to the archived status of the associated GitHub repository and the lack of ongoing support, we need to migrate to the official image.

Taking these circumstances into account, we are looking for instructions or a comprehensive migration guide for the transition to the official Docker image. It would be great if possible differences in the configurations, dependencies and database management between the two Docker images were pointed out and suitable migration solutions were specified.

Previous attempts

We tried to follow the instructions given in issue #2237 for migrating MISP data without the context of Docker. However, this approach resulted in database instability, possibly due to differences such as the transition from MySQL to MariaDB in the official MISP Docker image.

Support needed

Given the urgent need to migrate from the legacy Docker image, we are asking for support, documentation or best practices to enable a transition to the official MISP Docker image. Any insight, guidance or recommendations would be helpful to ensure a stable and reliable deployment.

Thank you in advance!

Short summary:

• tried installing custom company SSL certs
• set the certs like described in the readme
• misp ignores this every time at the startup and only generates local certs every time

setup the environment according to the information available here.
can contact the misp-modules container exposed port 6666 via telnet
but in misp-core diagnostics i get "connection refused"

Enrichment module system…Connection refused
Import module system…Connection refused
Export module system…Connection refused
Cortex module system…System not enabled

i even tried to use a modified container with the entrypoint misp-modules -l 0.0.0.0 -s
with no avail

This is similar to #57, but for other configurations.

Many configurations under Server Settings & Maintenance are marked "[CLI only]" in their descriptions. These cannot be changed via the UI. We again face the same issue described in #57, where one must take a bash shell into the container to configure these settings.

This is tedious and can be avoided if all CLI-only configurations have corresponding environment variables in the .env file which can define the specific settings.

I wasn't able to log in because of the error: "You have tripped the cross-site request forgery protection of MISP". I swapped out the default SSL certs for valid self-signed SSL certs, redeployed the machine, re-ran the Ansible playbook and the error went away. Not sure if it was the certs or the reinstall that did the trick, but I thought I'd leave behind a trace for others trying to debug this issue.

Posted same question on the primary MISP project site in case this is related to underlying code.
Posting here in case it is Docker-configuration related.
MISP/MISP#9629

Best...

Currently installed version… v2.4.187 (MISP/MISP@661b238)
Fresh installation within Ubuntu 22.04 LTS/Docker/Portainer using https://github.com/MISP/misp-docker project.

We find that MISP does not refresh the webpages after submitting forms, i.e., login, adding new users, etc. Pressing F5 will yield the "You have tripped the cross-side request forgery protection of MISP" warning, but then we are able to navigate away and verify that we were able to log in, that new users were indeed created, etc.

Behaviour appears on multiple workstations with Edge/CHROME (so far tested).

Any insight is appreciated.

MISP version
2.4.187

Operating System
Ubuntu

Operating System version
22.04

PHP version
7.4.33

Browser
Edge, Chrome

I am running in a LXC container on Proxmox. I have tried both a 23.10 and a 22.04 Ubuntu image. Both fail with the same error.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Removing intermediate container 2672ecbab5af
---> bb2d1770af54
Step 42/53 : COPY --from=python-build /wheels /wheels
COPY failed: stat wheels: file does not exist
ERROR: Service 'misp-core' failed to build : Build failed

During deployment I got an error https://raw.githubusercontent.com/MISP/MISP//app/composer.json file does not exist

Hi,
I'm running into this issue when building misp.

ERROR: Service 'misp-core' failed to build: COPY failed: stat wheels: file does not exist

How can I resolve this?