You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cd /srv
genpasswd() {
local l=$1
[ "$l"=="" ] && l=40
tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l}| xargs
}
mkdir /srv/git /srv/misp-containers /srv/misp-volumes
cd /srv/git
git clone https://github.com/MISP/misp-docker.git
cd /srv/git/misp-docker
# check latest version
grep _TAG= template.env
CORE_TAG=v2.4.195
MODULES_TAG=v2.4.195
cp -av docker-compose.yml /srv/misp-containers
cp -av template.env /srv/misp-containers/.env
cd /srv/misp-containers
# replace latest with tags, due we dont want to complile "this is a bug in compose file"
sed -i 's/misp-core:latest/misp-core:${CORE_TAG}/' docker-compose.yml
sed -i 's/misp-modules:latest/misp-modules:${MODULES_TAG}/' docker-compose.yml
# Corporate specific config
ADMIN_ORG="MyOrg"
SMARTHOST_ADDRESS="mailgw.domain.tld"
SMARTHOST_PORT=25
MISP_EMAIL="sender@domain.tld"
MISP_CONTACT="contact@domain.tld"
DISABLE_IPV6=true
BASE_URL="https://misp-test.domain.tld"
sed -i "s|^ADMIN_ORG=.*|ADMIN_ORG=\"$ADMIN_ORG\"|" .env
sed -i "s|^SMARTHOST_ADDRESS=.*|SMARTHOST_ADDRESS=\"$SMARTHOST_ADDRESS\"|" .env
sed -i "s|^SMARTHOST_PORT=.*|SMARTHOST_PORT=$SMARTHOST_PORT|" .env
sed -i "s|^# MISP_EMAIL=.*|MISP_EMAIL=\"$MISP_EMAIL\"|" .env
sed -i "s|^# MISP_CONTACT=.*|MISP_CONTACT=\"$MISP_CONTACT\"|" .env
sed -i "s|^# DISABLE_IPV6=.*|DISABLE_IPV6=$DISABLE_IPV6|" .env
sed -i "s|^BASE_URL=.*|BASE_URL=\"$BASE_URL\"|" .env
# random passwords
MYSQL_ROOT_PASSWORD=$(genpasswd)
MYSQL_PASSWORD=$(genpasswd)
REDIS_PASSWORD=$(genpasswd)
ENCRYPTION_KEY=$(genpasswd)
sed -i "s/# MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=\"$MYSQL_ROOT_PASSWORD\"/" .env
sed -i "s/# MYSQL_PASSWORD=.*/MYSQL_PASSWORD=\"$MYSQL_PASSWORD\"/" .env
sed -i "s/# REDIS_PASSWORD=.*/REDIS_PASSWORD=\"$REDIS_PASSWORD\"/" .env
sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=\"$ENCRYPTION_KEY\"/" .env
pull docker images
cd /srv/misp-containers
podman-compose pull
Insert CAP_AUDIT_WRITE to misp-core pod in docker compose file
cd /srv/misp-containers/
# first start and follow logs
podman-compose up -d
podman logs -f misp-containers_misp-core_1
podman-compose down
podman network inspect misp-containers_default
Setup Notes v2.4.195
Cheers Chris
Prepare / Proceed
Outcome
ToDo
enforce selinux
dnf -y install setroubleshoot-server sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config grep ^SELINUX= /etc/selinux/config SELINUX=enforcing setenforce 1 getenforce
Firewall Setup
Podman Setup
Podman default network configuration
Podman default network configuration testing (optional)
Start the fresh misp configuration
pull docker images
cd /srv/misp-containers podman-compose pull
Insert CAP_AUDIT_WRITE to misp-core pod in docker compose file
update volumes in docker compose file and remove port 80
Create volumes for pods
Start compose and wait for finishing message
now make a service out of it
TEST
Custom Server Cert (just for Testing):
The text was updated successfully, but these errors were encountered: