pe3zx / mthc

All-in-one bundle of MISP, TheHive and Cortex
MIT License

Multiple errors with build (e.g. MYSQL+MISP Access denied) #9

Closed BrunoMCBraga closed 4 years ago

BrunoMCBraga commented 4 years ago

Hi

I am currently trying to deploy mthc using the following configuration:

---
version: "2"
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./certs/:/etc/nginx/certs/
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - mthc

  misp-db:
    image: mysql/mysql-server:5.7
    restart: unless-stopped
    volumes:
      - ./data/misp/db:/var/lib/mysql
    environment:
      - MYSQL_DATABASE=misp
      - MYSQL_USER=misp
      - MYSQL_PASSWORD=4u9thouFETUON
      - MYSQL_ROOT_PASSWORD=4u9rrfbn4FETUON
    networks:
      - mthc

  misp-web:
    build: apps/misp-docker/web
    image: misp:latest
    restart: unless-stopped
    volumes:
      - /dev/urandom/:/dev/random
      - ./data/misp/web:/var/www/MISP
    environment:
      - MYSQL_HOST=misp-db
      - MYSQL_DATABASE=misp
      - MYSQL_USER=misp
      - MYSQL_PASSWORD=4u9thouFETUON
      - MISP_ADMIN_EMAIL=admin@admin.test
      - MISP_ADMIN_PASSPHRASE=4u9thouFETUON
      - MISP_BASEURL=http:\/\/misp\.test
      - POSTFIX_RELAY_HOST=relay.fqdn
      - TIMEZONE=Europe/Brussels
      - VIRTUAL_HOST=misp.ir.local
    networks:
      mthc:
        ipv4_address: 172.16.0.8

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.0
    environment:
      - http.host=0.0.0.0
      - transport.host=0.0.0.0
      - xpack.security.enabled=false
      - cluster.name=hive
      - script.inline=true
      - thread_pool.index.queue_size=100000
      - thread_pool.search.queue_size=100000
      - thread_pool.bulk.queue_size=100000
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - ./data/elasticsearch:/usr/share/elasticsearch/data
    networks:
      mthc:
        ipv4_address: 172.16.0.9

  cortex:
    image: thehiveproject/cortex:latest
    depends_on:
      - elasticsearch
    expose:
      - "9001"
    volumes:
      - ./conf/cortex.conf:/etc/cortex/application.conf
      - ./apps/Cortex-Analyzers:/opt/Cortex-Analyzers
      - ./data/cortex/:/data
    environment:
      - VIRTUAL_HOST=cortex.ir.local
      - VIRTUAL_PORT=9001
    networks:
      mthc:
        ipv4_address: 172.16.0.11

  thehive:
    image: thehiveproject/thehive:latest
    depends_on:
      - elasticsearch
      - cortex
    expose:
      - "9000"
    volumes:
      - ./conf/thehive.conf:/etc/thehive/application.conf
    environment:
      - VIRTUAL_HOST=thehive.ir.local
      - VIRTUAL_PORT=9000
    networks:
      mthc:
        ipv4_address: 172.16.0.12

networks:
  mthc:
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.0.0/24
          gateway: 172.16.0.2

Yet I am running into a couple of errors such as:

misp-db_1        | [Entrypoint] Starting MySQL 5.7.31-1.1.17
misp-web_1       | Waiting for database to be ready...
misp-web_1       | MYSQL_PASSWORD is set to '4u9thouFETUON'
misp-web_1       | mysql: [Warning] Using a password on the command line interface can be insecure.
misp-web_1       | ERROR 1045 (28000): Access denied for user 'misp'@'172.16.0.8' (using password: YES)
cortex_1         | WARNING: An illegal reflective access operation has occurred
cortex_1         | WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/opt/cortex/lib/com.google.inject.guice-4.1.0.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
cortex_1         | WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
cortex_1         | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
cortex_1         | WARNING: All illegal access operations will be denied in a future release
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:22 Received event die for container 0b072982f9d6
mthc_misp-web_1 exited with code 1
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:23 Generated '/etc/nginx/conf.d/default.conf' from 6 containers
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:23 Running 'nginx -s reload'
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:25 Received event start for container 0b072982f9d6
misp-web_1       | Configuring postfix
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:26 Generated '/etc/nginx/conf.d/default.conf' from 6 containers
nginx-proxy_1    | dockergen.1 | 2020/09/04 16:16:26 Running 'nginx -s reload'

In the end I get:

BRUBRAGA-M-T2CW:mthc brubraga$ docker ps
CONTAINER ID        IMAGE                                                 COMMAND                  CREATED             STATUS                          PORTS                                            NAMES
f27173d5de4d        thehiveproject/thehive:latest                         "/opt/thehive/entryp…"   About an hour ago   Up About an hour                9000/tcp                                         mthc_thehive_1
44dfe630567d        thehiveproject/cortex:latest                          "/opt/cortex/entrypo…"   About an hour ago   Up About an hour                9000-9001/tcp                                    mthc_cortex_1
0b072982f9d6        misp:latest                                           "/run.sh"                About an hour ago   Restarting (1) 10 seconds ago                                                    mthc_misp-web_1
08c63f9ac2a8        mysql/mysql-server:5.7                                "/entrypoint.sh mysq…"   About an hour ago   Up About an hour (healthy)      3306/tcp, 33060/tcp                              mthc_misp-db_1
1c67dcde4b74        jwilder/nginx-proxy                                   "/app/docker-entrypo…"   About an hour ago   Up About an hour                0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp         mthc_nginx-proxy_1
61130f92b024        docker.elastic.co/elasticsearch/elasticsearch:5.6.0   "/bin/bash bin/es-do…"   About an hour ago   Up About an hour                0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp   mthc_elasticsearch_1

Any idea what is happening here? I have changed the misp-web ipv4_address since I was getting "address already in use". It should not make much of a difference?

Thanks in advance

pe3zx commented 4 years ago

Hi @BrunoMCBraga. Let's go through them one by one.

MySQL and Nginx Errors

The issue has been identified in the misp-web image, where MYSQL_PASSWORD and MISP_ADMIN_PASSPHRASE from docker-compose.yml are not correctly implemented, which results in the default parameters being used instead. This is a known issue. The workaround at this moment is to manually update both parameters after the services are started.

When all services are not operating normally because MISP cannot initialize its database, mthc_misp-web_1 will be terminated and produce errors as seen in the nginx-proxy_1 log.

Cortex Error

I haven't found this kind of error yet. Running the same revision in my environment doesn't provide any error. I would recommend ignoring the warning message as long as the services are running fine.
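An added triage example, not part of the original thread or the mthc project: it checks whether the MYSQL_* values declared for misp-db and misp-web agree and correlates that with ERROR 1045 lines in the compose log, separating a compose-level mismatch from values that never reach the running service. The function names, result labels, placeholder password and trimmed samples are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two MISP services from the compose file, trimmed,
# with a placeholder password instead of a real one.
COMPOSE = """\
services:
  misp-db:
    environment:
      - MYSQL_DATABASE=misp
      - MYSQL_USER=misp
      - MYSQL_PASSWORD=example-db-pass
  misp-web:
    environment:
      - MYSQL_HOST=misp-db
      - MYSQL_DATABASE=misp
      - MYSQL_USER=misp
      - MYSQL_PASSWORD=example-db-pass
"""
# Constructed sample log in the format shown in the issue.
LOG = """\
misp-web_1       | Waiting for database to be ready...
misp-web_1       | ERROR 1045 (28000): Access denied for user 'misp'@'172.16.0.8' (using password: YES)
"""
SHARED = ("MYSQL_DATABASE", "MYSQL_USER", "MYSQL_PASSWORD")

def service_env(compose, service):
    """Collect '- KEY=VALUE' items of one service (list-style environment only)."""
    env, current = {}, None
    for line in compose.splitlines():
        m = re.match(r"^  (\S+):\s*$", line)  # two-space indent marks a service name
        if m:
            current = m.group(1)
        m = re.match(r"^\s+- ([A-Za-z_][\w.]*)=(.*)$", line)
        if m and current == service:
            env[m.group(1)] = m.group(2)
    return env

def mismatched_keys(compose, db="misp-db", web="misp-web"):
    """Shared MYSQL_* keys whose values differ between the two services."""
    d, w = service_env(compose, db), service_env(compose, web)
    return [k for k in SHARED if d.get(k) != w.get(k)]

def access_denied(log):
    """Return (container, user, host) for every MySQL ERROR 1045 line."""
    pat = re.compile(r"^(\S+)\s+\| ERROR 1045 \(28000\): Access denied for user '([^']*)'@'([^']*)'")
    return [m.groups() for m in map(pat.match, log.splitlines()) if m]

def diagnose(compose, log):
    if mismatched_keys(compose):
        return "compose-mismatch"  # fix docker-compose.yml first
    # Declared values agree; a 1045 then means they are not being applied.
    return "values-not-applied" if access_denied(log) else "ok"
```

On the configuration posted in this issue the declared values agree, so the check returns `values-not-applied`, which matches the maintainer's explanation that the image falls back to its defaults.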

pe3zx commented 4 years ago

Closing the issue due to no response.