harvard-itsecurity / docker-misp

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
BSD 3-Clause "New" or "Revised" License
174 stars 44 forks

PHP sessions setup as Redis vs. file #66

Open dspruell opened 3 years ago

dspruell commented 3 years ago

The default PHP setup for session storage appears to cause problems in terms of session timeouts in some configurations, and the MISP project's recommendation appears to be to configure PHP to use Redis as the session store. This appears to be referenced in the documentation for the Session.defaults setting in MISP:

The recommended option is php and setting your PHP up to use redis sessions via your php.ini. Just add "session.save_path = 'tcp://localhost:6379'"

Also on this Gitter thread, the guidance is given in response to inquiry about unexpected timeout behavior:

https://gitter.im/MISP/Support?at=60495fe1d1aee44e2dda4b46

session.save_handler = redis
session.save_path = 'tcp://localhost:6379'

This appears to be missing from install documents today, but I'm asking about that. Could this change be made to the docker-misp image?

ventz commented 3 years ago

@dspruell Other than the PHP ini, is there anything else that needs to change/be re-configured on the Redis side?

Since Redis is included, if not -- this should be a very small/easy change, with potentially a great benefit. I have not tried it out, but it seems reasonable and logical.

dspruell commented 3 years ago

That's all I think I've come across so far. One other thing I noticed was that the redis server appeared to be listening on 0.0.0.0 rather than 127.0.0.1. I think it may be a combination of these lines, and that this probably exposes it to remote hosts.

# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
EXPOSE 80 443 3306 6379 6666 50000

sed -i -e "s/bind 127.0.0.1 ::1/bind 0.0.0.0/" /etc/redis/redis.conf ; \

Does it make sense to tighten this down?
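An added example, written for this thread and not taken from the docker-misp project or from the comments above: a POSIX sh audit that checks the two settings discussed here, that php.ini stores sessions in a Redis instance on loopback (session.save_handler / session.save_path) and that redis.conf binds to loopback only rather than 0.0.0.0. The php.ini and redis.conf fragments it writes to a temp directory are constructed "before" and "after" samples so the script runs offline; point `audit` at the real files from the container to check an actual image. The `-` prefix accepted in bind addresses is the optional-bind syntax of Redis 6.2 and later.

```shell
#!/bin/sh
# Added example (not docker-misp code): audit PHP session storage and Redis bind address.
# Sample configs below are constructed for illustration only.

WORK="${TMPDIR:-/tmp}/misp-session-audit.$$"
mkdir -p "$WORK"

# "Before": file-based sessions and Redis bound to all interfaces.
cat > "$WORK/php-before.ini" <<'EOF'
[Session]
session.save_handler = files
session.save_path = "/var/lib/php/sessions"
EOF
cat > "$WORK/redis-before.conf" <<'EOF'
bind 0.0.0.0
port 6379
EOF

# "After": Redis-backed sessions over loopback and Redis bound to loopback only.
cat > "$WORK/php-after.ini" <<'EOF'
[Session]
session.save_handler = redis
session.save_path = 'tcp://localhost:6379'
EOF
cat > "$WORK/redis-after.conf" <<'EOF'
bind 127.0.0.1 -::1
port 6379
EOF

# conf_value FILE DIRECTIVE: print the directive's value (last occurrence wins,
# as PHP does), with surrounding quotes and trailing whitespace removed.
# Works for "key = value" (php.ini) and "key value" (redis.conf) forms.
conf_value() {
  sed -n -E "s/^[[:space:]]*$2([[:space:]]+=?|=)[[:space:]]*//p" "$1" \
    | tail -n 1 | tr -d "'\"" | sed -E 's/[[:space:]]+$//'
}

# php_sessions_use_redis PHP_INI: 0 if sessions go to a Redis on loopback.
php_sessions_use_redis() {
  handler=$(conf_value "$1" session.save_handler)
  path=$(conf_value "$1" session.save_path)
  [ "$handler" = "redis" ] || return 1
  case "$path" in
    tcp://localhost:*|tcp://127.0.0.1:*) return 0 ;;
  esac
  return 1
}

# redis_bind_is_loopback REDIS_CONF: 0 only if every bind address is loopback.
# A missing bind directive means Redis listens on all interfaces, so that fails too.
redis_bind_is_loopback() {
  bind=$(conf_value "$1" bind)
  [ -n "$bind" ] || return 1
  for addr in $bind; do
    case "$addr" in
      127.0.0.1|::1|-127.0.0.1|-::1) ;;   # loopback, with or without the Redis 6.2+ '-' prefix
      *) return 1 ;;
    esac
  done
  return 0
}

# audit PHP_INI REDIS_CONF: print findings; return 0 only if both checks pass.
audit() {
  rc=0
  if php_sessions_use_redis "$1"; then echo "OK   PHP sessions stored in local Redis ($1)"
  else echo "WARN PHP sessions not using local Redis ($1)"; rc=1; fi
  if redis_bind_is_loopback "$2"; then echo "OK   Redis bound to loopback only ($2)"
  else echo "WARN Redis bind reachable from other hosts ($2)"; rc=1; fi
  return $rc
}

audit "$WORK/php-before.ini" "$WORK/redis-before.conf" || echo "-> changes needed"
audit "$WORK/php-after.ini"  "$WORK/redis-after.conf"  || echo "-> changes needed"
```

Inside the image the equivalent check would be `audit /etc/php/7.*/apache2/php.ini /etc/redis/redis.conf` (paths assumed; use whatever the Dockerfile actually installs). Note that the audit only reads the configuration: a loopback bind in redis.conf still does nothing about `EXPOSE 6379` if the port is later published with `-p`, so the Dockerfile's EXPOSE list is worth reviewing alongside it.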

ventz commented 3 years ago

@dspruell If it doesn't break things.

Things have been a bit "in limbo" from our side since covid in terms of teams/people available.

My plan is to re-build this whole project with Ubuntu 20.04 and using layers and many new/modern things. (much smaller end image, faster, easier to use, composer, etc)