Views: 61
Step-by-Step Guide to Install MISP Using Docker on Ubuntu
In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an Ubuntu server.
Prerequisites
Before we begin, make sure your system meets the following requirements:
- Ubuntu Server (LTS versions like 20.04 or 22.04 are recommended)
- Root or sudo access
- Docker and Docker Compose installed
Step 1: Update Your Server and Install Docker
First, ensure your server is updated and install Docker and Docker Compose.
sudo apt update && sudo apt upgrade -y
sudo apt install docker.io -y
sudo apt install docker-compose -y
sudo systemctl enable docker
sudo systemctl start docker
Step 2: Clone the MISP Docker Repository
Now, clone the official MISP Docker repository to get the necessary files.
sudo apt install git -y
git clone https://github.com/MISP/misp-docker.git
cd misp-docker
Step 3: Configure the .env
File
In the root of the cloned repository, you will find a .env
file template. This file contains environment variables used for the MISP Docker setup.
- Copy the template
.env
file:
cp template.env .env
- Open the
.env
file in your preferred text editor:
nano .env
- Update the
BASE_URL
field to match your server’s IP address or domain:
BASE_URL=https://your-server-ip
- Save and close the file.
Step 4: Pull Docker Images and Start Containers
Now, we will pull the necessary Docker images and start the MISP containers.
- Pull the Docker images:
docker-compose pull
- Start the MISP containers:
docker-compose up -d
- Verify that all containers are running:
docker ps
You should see several containers (misp
, misp_db
, redis
, etc.) running.
Step 5: Access MISP
- Open your browser and navigate to the IP address or domain of your server:
https://your-server-ip
- Log in to MISP using the default credentials:
Username: [email protected]
Password: admin
- After logging in, be sure to change the default credentials for security.
Default Page:
Step 6: Enable Persistent Storage (Optional)
To ensure that data persists between container restarts, you can map Docker volumes.
- Open the
docker-compose.yml
file:
nano docker-compose.yml
- Add persistent storage for the database (
misp_db
):
volumes:
- ./db:/var/lib/mysql
- Save the file and restart the containers:
docker-compose down
docker-compose up -d
Step 7: Managing and Updating MISP
To manage and update MISP, you will need to periodically pull updates and restart the Docker containers.
- Pull the latest updates from the repository:
git pull
- Rebuild and restart the containers:
docker-compose pull
docker-compose up -d
Voilà, we have now installed MISP using Docker on Ubuntu server! You can further customize your setup based on your requirements, such as, integrating with other tools, and setting up regular backups.