## Introduction
This documentation provides a comprehensive guide to deploying and configuring the Malware Information Sharing Platform (MISP) using Docker. MISP is an open-source threat intelligence platform designed to facilitate the sharing, storing, and correlation of Indicators of Compromise (IoCs) about malware and other threats.
For this deployment, we utilized the official MISP Docker repository, which streamlines the setup process and ensures a consistent and reliable installation. The repository can be found at [MISP Docker GitHub](https://github.com/MISP/misp-docker).
Key features of our deployment include:
- **SSL Configuration**: To ensure encrypted communication, a self-signed SSL/TLS certificate is used. It protects the traffic but will trigger browser warnings; for production, prefer a certificate issued by a CA your users already trust.
- **Email Integration**: Mandrill was chosen for email integration, enabling automated email notifications and updates.
This documentation will guide you through the following steps:
- Prerequisites and initial setup
- Cloning the MISP Docker repository
- Generating and applying a self-signed SSL certificate
- Configuring environment variables
- Integrating Mandrill for email functionality
- Running and managing the MISP Docker containers
- Verifying the deployment
By following this guide, you will be able to set up a working MISP instance tailored to your organization's needs.
## Prerequisites and Initial Setup
Before deploying MISP with Docker, make sure the following prerequisites are met and the initial setup is completed. This streamlines the installation and avoids the most common issues.
1. A Linux-based OS is recommended (we use Ubuntu).
2. Install Docker. Follow the instructions in the [official Docker documentation](https://docs.docker.com/).
3. Install Docker Compose. You can follow my documentation [HERE](https://www.notion.so/Docker-35785dd73ba94df398a8d5d35db9e2f8) to install Docker Compose seamlessly. Recent Docker Engine releases ship Compose as the `docker compose` plugin; either that or the standalone `docker-compose` binary works for this guide.
4. Ensure Git is installed on the Linux system. You can install Git with the following command:
```bash
$ sudo apt-get install git
```
5. Ensure your system meets the following minimum requirements:
- **CPU:** At least 2 cores
- **RAM:** Minimum of 4GB
- **Storage:** Minimum of 20GB of free disk space
### Initial setup
First, update the system packages to the latest version:
```bash
$ sudo apt-get update
$ sudo apt-get upgrade
```
Next, we clone the official MISP Docker repository:
```bash
$ git clone https://github.com/MISP/misp-docker.git
$ cd misp-docker
```
## Generating and Applying a Self-Signed SSL Certificate
Next, we create a self-signed SSL certificate. For better security, use a certificate signed by a trusted Certificate Authority where you can; a self-signed certificate encrypts the connection but gives clients no way to verify the server's identity, so every browser and API client will have to be told to trust it explicitly. The steps below produce a self-signed certificate.
First, generate the private key and the self-signed certificate:
```bash
$ mkdir -p ssl/
$ cd ssl
# -nodes leaves the private key unencrypted so nginx can load it without a passphrase;
# -days 365 means the certificate must be regenerated within a year
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
# The key is a secret: make sure only the owner can read it
$ chmod 600 key.pem
$ cd ..
```
Once the files exist, mount them into the `misp-core` service. Before adding anything, check the `volumes:` section of `docker-compose.yml` in the cloned repository: it may already mount the `./ssl/` directory into the container, in which case dropping `cert.pem` and `key.pem` into `ssl/` is enough and no edit is needed. Otherwise, add the following lines to the `volumes:` section of the `misp-core` service (the container-side paths must match where the image's nginx configuration expects the certificate; verify them against the compose file and entrypoint rather than copying blindly):
```yml
...
# Add SSL certificates volume mount (read-only: the container never needs to write them)
- "./ssl/cert.pem:/etc/ssl/certs/cert.pem:ro"
- "./ssl/key.pem:/etc/ssl/certs/key.pem:ro"
```
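The following script is an added example, not part of misp-docker or of the original guide. It wraps the certificate step above with the two checks a practitioner wants: it puts the hostname in a subjectAltName (current browsers ignore the CN and reject certificates without a SAN), creates the private key with restrictive permissions from the start, and confirms that `cert.pem` and `key.pem` actually belong together before they are mounted. The hostname `misp.example.internal` is a placeholder; use the host from your base URL. It requires OpenSSL 1.1.1 or newer for `-addext` and `-ext`.

```shell
#!/usr/bin/env bash
# Added example (not misp-docker's own tooling): self-signed certificate with SAN,
# locked-down key, and consistency checks. The FQDN passed in is an assumption;
# replace it with the hostname MISP is served under.
set -eu

# make_self_signed DIR FQDN [DAYS] -> writes DIR/cert.pem and DIR/key.pem
make_self_signed() {
  local dir="$1" fqdn="$2" days="${3:-365}"
  mkdir -p "$dir"
  # umask 077 inside a subshell so key.pem is never world-readable, even briefly
  ( umask 077 && openssl req -x509 -nodes -newkey rsa:2048 -days "$days" \
      -keyout "$dir/key.pem" -out "$dir/cert.pem" \
      -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" 2>/dev/null )
  chmod 600 "$dir/key.pem"   # private key: owner only
  chmod 644 "$dir/cert.pem"  # certificate is public
}

# cert_matches_key DIR -> exit 0 if cert.pem and key.pem carry the same public key
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1/cert.pem" -noout -pubkey)
  from_key=$(openssl pkey -in "$1/key.pem" -pubout)
  [ "$from_cert" = "$from_key" ]
}

# cert_san DIR -> prints the DNS name(s) from the subjectAltName extension
cert_san() {
  openssl x509 -in "$1/cert.pem" -noout -ext subjectAltName \
    | grep -o 'DNS:[^,]*' | sed 's/^DNS://'
}

# cert_fingerprint DIR -> SHA-256 fingerprint, the value to compare in the browser
cert_fingerprint() {
  openssl x509 -in "$1/cert.pem" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Example run from the repository root (paths are assumptions):
#   make_self_signed ssl misp.example.internal
#   cert_matches_key ssl && echo "cert and key match"
#   cert_san ssl
#   cert_fingerprint ssl
```

Run `make_self_signed ssl <your-hostname>` from the cloned repository root so the files land in the `ssl/` directory the compose file mounts. Keep the output of `cert_fingerprint ssl`: during the verification step, the fingerprint the browser shows for the connection must be exactly this value, otherwise you are not talking to your container.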
## Configuring environment variables
This is where most of the setup takes place. The environment variables define the configuration the MISP instance needs to function correctly, and they are managed through a `.env` file.
The repository ships the variables as `template.env`; copy it to `.env` and customize the copy to suit the deployment:
```bash
$ cp template.env .env
# .env will hold database and mail credentials: keep it out of version control and readable by you only
$ chmod 600 .env
```
Next, open `.env` in a text editor and set the necessary variables: database credentials, the base URL MISP is served under, and the mail relay. The variable names below are the ones from `template.env` that this guide touches; the values are placeholders to replace:
```env
# General settings
BASE_URL=https://your-domain-or-ip
# Database settings
MYSQL_ROOT_PASSWORD=your_mysql_root_password
MYSQL_DATABASE=misp
MYSQL_USER=misp
MYSQL_PASSWORD=your_mysql_password
# SMTP relay: the SMARTHOST_* variables, covered in the Mandrill section below
```
`BASE_URL` must be the exact scheme and hostname users and API clients will use, because MISP builds links and enforces it on requests; it should match the name in the certificate. Use long random values for the two MySQL passwords rather than the placeholders.
Within the scope of this deployment we implemented email integration using Mandrill. The process is straightforward, and the next section walks through setting up Mandrill as MISP's mail relay.
## Integrating Mandrill for Email Functionality
To enable automated email notifications and updates, we integrated Mandrill for email functionality. Follow these steps to set up Mandrill:
1. Create a Mandrill account.
2. Generate an API key in the Mandrill dashboard (under the SMTP and API credentials settings). Mandrill authenticates SMTP with the API key as the password, so treat the key as a credential.
3. Configure Mandrill in the `.env` file.
Add the necessary Mandrill configuration to `.env`. The container's mail sub-system relays outbound mail through this smarthost:
```env
# optional and used by the mail sub-system
SMARTHOST_ADDRESS=smtp.mandrillapp.com
SMARTHOST_PORT=587
SMARTHOST_USER='CyberSoc Africa'
SMARTHOST_PASSWORD='<your_mandrill_api_key>'
SMARTHOST_ALIASES=*.mandrillapp.com
```
`SMARTHOST_PASSWORD` is the Mandrill API key. Never paste it into documentation, tickets or a committed file; if a key has ever been exposed that way, revoke it in the Mandrill dashboard and generate a new one. Port 587 uses STARTTLS, so the key is not sent in the clear between the container and Mandrill.
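Both the environment-variable section and the Mandrill section above depend on `.env` holding real values and not leaking them. The script below is an added example, not part of misp-docker or of the original guide: it lints a MISP `.env` before `docker compose up`, checking that the base URL is `https://`, that the database and smarthost passwords are set, are not template placeholders and are not trivially short, and that the file itself is not readable by other local users. It assumes the variable names `BASE_URL`, `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` and `SMARTHOST_PASSWORD` (the names used by misp-docker's `template.env` and by this guide); adjust the list if your file uses others.

```shell
#!/usr/bin/env bash
# Added example (not part of misp-docker): lint a MISP .env before starting the stack.
# Assumed variable names: BASE_URL, MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD, SMARTHOST_PASSWORD.
set -u

# env_get FILE KEY -> prints KEY's value with surrounding quotes stripped; empty if unset
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# lint_misp_env FILE -> prints one finding per line; return code is the number of findings
lint_misp_env() {
  local file="$1" findings=0 key val mode base_url
  base_url=$(env_get "$file" BASE_URL)
  case "$base_url" in
    https://*) ;;
    *) echo "BASE_URL must be an https:// URL (got '${base_url:-unset}')"
       findings=$((findings + 1)) ;;
  esac
  for key in MYSQL_ROOT_PASSWORD MYSQL_PASSWORD SMARTHOST_PASSWORD; do
    val=$(env_get "$file" "$key")
    if [ -z "$val" ]; then
      echo "$key is empty or unset"; findings=$((findings + 1))
    elif echo "$val" | grep -qiE 'your_|password|changeme|example'; then
      # catches the template's placeholder strings, e.g. your_mysql_password
      echo "$key still holds a placeholder value"; findings=$((findings + 1))
    elif [ "${#val}" -lt 16 ]; then
      echo "$key is shorter than 16 characters"; findings=$((findings + 1))
    fi
  done
  # .env carries the database and Mandrill credentials: owner-only permissions
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "$file has mode $mode; run: chmod 600 $file"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Example invocation from the repository root (path is an assumption):
#   lint_misp_env .env || echo "fix the findings above before docker compose up"
```

Run it from the repository root as `lint_misp_env .env`; a zero exit status means none of the checks fired. The placeholder pattern is deliberately broad, so a genuine password containing the word "password" will be flagged as well, which is a reasonable outcome.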
## Running and Managing the MISP Docker Containers
With all configurations in place, you can now start the MISP Docker containers:
```bash
# Use `docker compose` (plugin) or `docker-compose` (standalone), whichever you installed
$ docker-compose pull
$ docker-compose up -d
```
The first start takes several minutes while the database is initialized and MISP is configured; the web interface is not usable until that has finished. You can monitor the container status and follow the startup log with:
```bash
$ docker ps
$ docker-compose logs -f misp-core
```
## Verifying the Deployment
To ensure that your MISP instance is properly set up, follow these steps:
1. Log in to the MISP web interface at the `BASE_URL` you configured. If you did not set an admin password in `.env`, the instance starts with MISP's well-known default login (`admin@admin.test` / `admin`); change that password immediately after the first login, before the instance is reachable by anyone else.
2. Check the SSL configuration: the browser will warn about the self-signed certificate, which is expected. Open the certificate details and confirm that the hostname and fingerprint are those of the `cert.pem` you generated, so you know nginx is serving your certificate and not a default one.
3. Test email functionality: send a message from the web interface (for example via Administration > Contact Users) and confirm it arrives. If it does not, `docker-compose logs misp-core` shows the mail sub-system's errors, and the Mandrill dashboard shows whether the relay accepted the message.
By following this guide, you should have a fully functional MISP instance deployed using Docker, with encrypted access and working email notifications, tailored to your organization's needs.