Web Links appear to be absolute to localhost, not relative. #11

Closed
frankangiolelli opened this issue Feb 2, 2018 · 13 comments

@frankangiolelli
First, thank you, this is excellent. I am running this in a lab and the web links appear to be hard coded to "localhost". This presents issues. Is it possible to make them relative please?

@ventz
Collaborator

ventz commented Feb 2, 2018

@frankangiolelli - Glad you are finding it useful.

The 'localhost' is not hard coded -- it's coming from the MISP project, but it's actually being generated from the FQDN given I believe. By default, the Docker image is built using 'localhost'.

You can build it with "--build-arg MISP_FQDN=https://yourchoice.tld" and provide any domain that you want, and it should override it.

I'll leave this issue open so you can confirm this from your side.

@Theory5

Theory5 commented Feb 12, 2018

Hi @ventz (not sure if you're the person to ask),

Can someone please provide documentation (or point me to such) that rectifies the "Run in 3 minutes" commands with the dockerfile? i.e. if I run those commands, how do I ensure it builds from the Dockerfile? I tried to do it my way, which resulted in MYSQL not working. So then I ran the set of commands in the documentation that built the container and initializes MYSQL. It worked, BUT it didn't take the settings from the dockerfile, which I thought it'd do that by default, and I have the same issue as described by @frankangiolelli .

I'm really confused at this, and not that great with docker. Any help would be appreciated, as I still have this same issue w/ localhost (and I cannot edit files in docker, as there's a really weird issue when I try to edit files within a container). I'm quite lost...

@ventz
Collaborator

ventz commented Feb 12, 2018

Hi @Theory5 - If you clone the github repo, you have to build it. At that point, you can (and should) change the build args.

This is the following in the build.sh:

    --build-arg MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
    --build-arg MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
    --build-arg POSTFIX_RELAY_HOST=localhost \
    --build-arg MISP_FQDN=localhost \
    --build-arg MISP_EMAIL=admin@localhost \

We have set some defaults so that people can a.) see what the "bare minimum" things they should change are, and b.) so that they can launch a "working" image without having to change anything.

That said, if you pull the binary image (from Dockerhub) -- you will get a pre-built image with the above parameters/passwords.

What you need to do is the following (and tagging @frankangiolelli here too):

Step 0:

First, make sure to remove any traces of the binary image, in case you have pulled it, which you probably have:

    docker rmi harvarditsecurity/misp

and then, pull this git repo:

    git clone https://github.com/harvard-itsecurity/docker-misp.git

Go into it ("cd docker-misp"), and modify the build.sh with the custom passwords/domain names. Specifically, you have to change the:

    MISP_FQDN=localhost

Then build the image by running:

    ./build.sh

from the same dir (the root of "docker-misp").

This will produce an image called harvarditsecurity/docker-misp

At that point, follow steps 1,2 and 3 in the README.md:

https://github.com/harvard-itsecurity/docker-misp/blob/master/README.md

Let me know if this makes sense?

I can update the README with a step 0.) describing the above information.

@Theory5

Theory5 commented Feb 13, 2018

Ah ok, I think I was under the assumption everything in the git repo went together, and it wasn't two separate setups. Thanks! This should give me what I need!

When I first tried to run the build.sh, it kept saying that --rm wasn't a valid command... Was I simply in the wrong directory?

@ventz
Collaborator

ventz commented Feb 13, 2018

Technically it should be 1 setup -- the "build your own", but people kept requesting a binary image "just to give it a try on their laptop/desktop". Eventually, between those requests and the emails from the Dockerhub "stub page" that asked "can you provide a full Docker image", we decided to push up a binary image. But that binary image is basically insecure since the passwords are hard coded, and it's pre-configured for "LOCALHOST" on deployment.

I would definitely suggest the "Build your own using our script" as the way to go, especially if you want to run this in production.

I am not sure why you were getting that error -- that would only happen if "docker" is not an available command.

To verify that your docker setup is proper, you can try to copy and paste the lines from the "build.sh" and run them manually. Also, you can get rid of the "\" (backslashes) and run the 3rd->10th line all as one command.

My guess is at some point you ran "docker build" as one line, and the "--rm=true ..." as a separate line, rather than an extension.
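
The defaults discussed in this thread can be checked for before building. The following is an added example, not part of the thread or the docker-misp project: check_build_args is a hypothetical helper that flags the published default passwords, identical root and MISP database passwords, and MISP_FQDN=localhost in a build.sh. The second sample file and its values are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag docker-misp build args still at the defaults quoted in this thread.
# check_build_args FILE prints one finding per line and sets FINDINGS to their count.
check_build_args() {
    FINDINGS=0
    root_pw='' misp_pw=''
    while IFS= read -r line; do
        case $line in *--build-arg*) ;; *) continue ;; esac
        pair=${line#*--build-arg }   # drop everything up to and including the flag
        pair=${pair%% *}             # drop the trailing " \" continuation
        name=${pair%%=*}
        value=${pair#*=}
        case $name in
            MYSQL_ROOT_PASSWORD) root_pw=$value ;;
            MYSQL_MISP_PASSWORD) misp_pw=$value ;;
        esac
        case $name=$value in
            MYSQL_*_PASSWORD=ChangeThisDefaultPassword*)
                echo "$name is the published default"
                FINDINGS=$((FINDINGS + 1)) ;;
            MISP_FQDN=localhost)
                echo "MISP_FQDN is localhost: generated web links will point at localhost"
                FINDINGS=$((FINDINGS + 1)) ;;
        esac
    done < "$1"
    if [ -n "$root_pw" ] && [ "$root_pw" = "$misp_pw" ]; then
        echo "MYSQL_ROOT_PASSWORD and MYSQL_MISP_PASSWORD are identical"
        FINDINGS=$((FINDINGS + 1))
    fi
}
# Sample inputs: default.sh holds the build.sh defaults quoted in the thread; custom.sh is constructed.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default.sh" <<'EOF'
    --build-arg MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
    --build-arg MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
    --build-arg POSTFIX_RELAY_HOST=localhost \
    --build-arg MISP_FQDN=localhost \
    --build-arg MISP_EMAIL=admin@localhost \
EOF
cat > "$SAMPLE_DIR/custom.sh" <<'EOF'
    --build-arg MYSQL_ROOT_PASSWORD=PLACEHOLDER_ROOT_SECRET \
    --build-arg MYSQL_MISP_PASSWORD=PLACEHOLDER_MISP_SECRET \
    --build-arg MISP_FQDN=misp.example.test \
EOF
check_build_args "$SAMPLE_DIR/default.sh"
check_build_args "$SAMPLE_DIR/custom.sh"
```
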

@ventz
Collaborator

ventz commented Feb 13, 2018

@frankangiolelli - ping - let me know if you are still seeing this, and check out the above thread. I am assuming you were running into the same issue (using the pre-built binary image vs building a custom with the parameters). I'll keep this issue open for a few more days, and then close it after that -- but feel free to re-open if you run into this with the built one. Thanks.

@Theory5

Theory5 commented Feb 14, 2018

Hi @ventz,

Sorry to bug you again... When I build the container (from the build.sh script I edit) with anything BUT localhost, it gives me this error:

    'message' => 'SQLSTATE[HY000] [1045] Access denied for user 'misp'@'localhost' (using password: YES)',

in this case, I set my own stuff, but the account in build.sh was still set to [email protected] (after @ is placeholder for my company internal DNS). I tried making up a fake DNS name, same thing. I tried 0.0.0.0, same thing. I tried [email protected] (placeholder) same issue...

Is this related to the naming (if not, I will open a new issue)? I ensured I followed your instructions and initialized the database.

What do you need to assist me?

@ventz
Collaborator

ventz commented Feb 14, 2018

Hi @Theory5 - no problem - give me a bit to spin up a new VM with docker and build a clean image.

The MySQL part should not be related because it's hard coded to always listen on localhost, since it's only accessing itself from the same host:

    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')\"" >> /init-db ; \

But maybe there is something else going on somewhere.

Let me run through it manually as an end user :) and I'll get back to you.

@ventz
Collaborator

ventz commented Feb 14, 2018

@Theory5 Just ran through everything and it's working for me.

On a new system, I installed Docker and did this:

    git clone https://github.com/harvard-itsecurity/docker-misp.git
    cd docker-misp

And changed build.sh with the following:

    #!/bin/bash
    docker rmi harvarditsecurity/misp
    docker build \
        --rm=true --force-rm=true \
        --build-arg MYSQL_ROOT_PASSWORD=pCqj9G2EXLeNQCE2cz2G \
        --build-arg MYSQL_MISP_PASSWORD=LndZ2g74KQ6mWwqrArHK \
        --build-arg POSTFIX_RELAY_HOST=localhost \
        --build-arg MISP_FQDN=test.com \
        --build-arg MISP_EMAIL=[email protected] \
        -t harvarditsecurity/misp container

and then ran:

    ./build.sh

After I got to:

    Successfully built 23949000e3b6
    Successfully tagged harvarditsecurity/misp:latest

I created a folder "/docker" and inside of it "DATA" and inside of it "misp-db" for the contents of this container's data -- then I did everything else from the "run" (steps 1 - 3) instructions:

    docker run -it --rm -v /docker/DATA/misp-db:/var/lib/mysql harvarditsecurity/misp /init-db

NOTE: You could do /misp-db directly if you wanted to.
If you are on a mac running docker, you would need to add the volume folder in the preferences.

Then I waited for the mysql init to exit, and it ended with:

    180214 21:59:31 mysqld_safe Logging to syslog.
    180214 21:59:31 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

And then started MISP:

    docker run -it -d -p 443:443 -p 80:80 -p 3306:3306 -v /docker/DATA/misp-db:/var/lib/mysql harvarditsecurity/misp

And then to access it via "test.com" on my client, I edited "/etc/hosts" and placed the IP/host:

    $IP-ADDRESS-HERE test.com

and then went to the web browser and did:

    https://test.com

This came to the login page, where I did:

    Login: [email protected]
    Password: admin

^ Note - I still used "[email protected]" for the login -- that's the default MISP login.
(If my domain was NOT test.com but instead 'somedomain.tld', you would still use "[email protected]" here)

Then it prompted me to change my password, and I set a new one.

@Theory5

Theory5 commented Feb 15, 2018

@ventz Thanks man, it looks like it's working now! The issue wasn't with the FQDN, as I thought, but apparently the first time I built it out with the localhost name and it worked, I thought that was all I needed to do, when I apparently missed a step or some formatting for the commands.

After following ALL your instructions to the letter, it only started working when I created that /docker/DATA/misp-db path, and then this copied directly from what you just wrote:

    docker run -it --rm -v /docker/DATA/misp-db:/var/lib/mysql harvarditsecurity/misp /init-db

then started MISP.

I must've been missing something (beyond just creating those folders) as I always tried to initialize the DB with a copy and paste from the original instructions:

    docker run -it --rm \
        -v /misp-db:/var/lib/mysql \
        harvarditsecurity/misp /init-db

but I NEVER saw the output when running that command that I saw after using your one line command to initialize the DB. I don't know why, I thought CENTOS shouldn't have issues with multiple lines... Maybe all I forgot to do was create the directory? The error I was getting was a weirdly formatted page with the headers and footers for MISP, only saying An Internal Error Has Occured.

After it initialized and gave me back the prompt, it looks like it works fine! Thanks for all your help, and the prompt responses you've given. Not that I'm great at development or anything, but if you ever want a hand with testing or writing things up, let me know. I definitely owe you one, I'd been pulling my hair out over this.

@ventz
Collaborator

ventz commented Feb 15, 2018

@Theory5 - great! I am glad it's working.

Were you doing this on a mac by any chance?

I really should update the default example -- I feel like Docker at some point changed so that you can't use volumes in the "/" (root) dir, and that could have caused

@Theory5

Theory5 commented Feb 15, 2018

Hi @ventz,

Nope, a clean CENTOS 7 built for this on a Dell Server the engineering guys didn't need anymore at my company. If you want the exact server model let me know.

@ventz
Collaborator

ventz commented Feb 15, 2018

No, that's helpful. I am just going to change the example.

Thanks again. Closing this issue now. Feel free to bring up anything else that comes up.
