
misp's People

Contributors

alias454, benni0, crym, flindeberg, haavardw, mbonino, norelect, ondj, reuteras


misp's Issues

SSL / Nginx help

Hey, thanks for creating this repo, works great.

I'm trying to set up HTTPS/SSL as you've mentioned in your readme:
"deploy reverse proxy (for example nginx) before MISP to handle HTTPS connections."

But I'm unaware how, and could use a bit of guidance. I've tried adding an nginx service to my docker-compose file, and I get served the nginx welcome page successfully.

What do I do from here? I've got my .pem and cert files, but I'm not sure where to put them, nor how I point nginx to the misp service in my compose file. Do I need an nginx config file?

Is there a guide or hint or a best-practice you can point me towards?

Thanks in advance,

Multiple sessions and users

Hello,

First of all thanks for this doc, it works well on my side. I have installed it on CentOS and enabled SSL via nginx.

I have trouble accessing MISP in multiple sessions from different computers and users.

Worker connections in nginx are set to 1024.

Could you help me to resolve this issue?

Thanks

MISP Module URL

Hi,
I am in the process of setting up MISP at our company. So far everything is going great. Now I wanted to set up MISP modules. Unfortunately, I do not know what I should enter at MISP_MODULE_URL. Can anyone of you tell me?
In the readme here I have unfortunately found nothing specific.

Thanks

loadbalanced setup

I am trying to set up your docker container on 2 different servers with a shared storage attached for the directories required.

I have an issue: the database is created by the initial setup, and then when I start the second container on the other server it breaks (I think) on the database creation script. Is there a way to tell it not to create the database if it exists?

root      900812  356782  0 13:01 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 50000 -container-ip 172.18.0.3 -container-port 50000
root      900824  356782  0 13:01 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8080 -container-ip 172.18.0.3 -container-port 80
root      900839       1  0 13:01 ?        00:00:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 
root      900860  900839  0 13:01 ?        00:00:00 bash /usr/local/bin/docker-entrypoint.sh supervisord -c /etc/supervisord.conf
48        900933  900860  0 13:01 ?        00:00:00 python3 /usr/local/bin/misp_create_database.py XX.XX.XX.XX misp misp /var/www/MISP/INSTALL/MYSQL.sql

I see this in the processes and the container keeps restarting endlessly.

This is my docker file:

version: '3.3'

services:
  misp-modules:
    image: ghcr.io/nukib/misp-modules:latest
    restart: always
    container_name: misp-modules

  misp:
    image: ${MISP_IMAGE-ghcr.io/nukib/misp:latest}
    restart: always
    container_name: misp
    tmpfs:
      - /tmp
    volumes:
      - /mount/nfs/MISP/app/files/certs:/var/www/MISP/app/files/certs
      - /mount/nfs/MISP/app/attachments:/var/www/MISP/app/attachments
      - /mount/nfs/MISP/app/tmp/logs:/var/www/MISP/app/tmp/logs
      - /mount/nfs/MISP/.gnupg:/var/www/MISP/.gnupg
    environment:
      MYSQL_HOST: xx.xx.xx.xx
      MYSQL_LOGIN: misp
      MYSQL_PASSWORD: XXX
      MYSQL_DATABASE: misp
      REDIS_HOST: xx.xx.xx.xx
      REDIS_PASSWORD: "XXX"
      MISP_BASEURL: https://xx.xx.com
      MISP_UUID: XXX
      MISP_ORG: XXX
      MISP_MODULE_URL: http://misp-modules
      SMTP_HOST: XXX
      MISP_EMAIL: [email protected]
      SECURITY_SALT: "XXX"
      ZEROMQ_ENABLED: "yes"
      SECURITY_CRYPTO_POLICY: FUTURE
      SECURITY_ENCRYPTION_KEY: "XXX"
    ports:
      - 127.0.0.1:8080:80
      - 127.0.0.1:50000:50000

Is there anything special I need to do to make this work?

Instructions as written don't work without reverse https proxy

This looks really great! My issue is - as written, I don't think the instructions work without a reverse proxy, as opposed to needing to set one up for production use. If I follow the intro instructions, when you log in with the default credentials I see a redirect to https://localhost - which of course then fails.

If you set 'force_https' as false in config.php this lets you log in successfully, but I don't think this is the right answer - I think a better solution would be to suggest deploying a reverse proxy from the outset/adding a possible reverse proxy config?

I'm going to try this for my own instance, look forward to seeing this develop - if it would be helpful I could propose a reverse proxy config?

Diagnostic Errors - Files not writable

I just deployed on a Fedora 38 install running podman rootless and podman-compose. It all deployed successfully, however when I go into MISP's 'Server Settings & Maintenance' I'm receiving the following errors.

/var/www/MISP/app/files…Directory is not writeable
/var/www/MISP/app/Config/config.php…File is not writeable
/var/www/MISP/.git/ORIG_HEAD…File not found

When inspecting the docker-compose.yml file I noticed that it doesn't appear to be mounting any volume or directory into the misp container, is this correct?
Are these errors fixable?

User ID setting for jobber tasks

Hi @ondj,

Can we add a config variable which defines the user id for jobber tasks (.jobber)?
I have a setup where all users must be authenticated using OIDC, so I had to delete the initially created admin user.

If this is ok for you, I will implement this and create a pull request.
If not, please let me know if there is another solution.

Get An Internal Error Has Occurred. when trying to "load default feed metadata" on Feeds page

Have put up a new container and set up an accompanying reverse proxy. Trying out MISP for the first time.

Followed the instructions for a production environment.

When I try pressing the button for "load default feed metadata" on the Feeds page, I get an error.

An Internal Error Has Occurred.

Error: An Internal Error Has Occurred. Please try your action again. If the problem persists, please contact administrator.

Anyone know what has gone wrong?

OIDC Error:

I'm attempting to set up OIDC with misp, but I'm running into this error after authenticating with my IdP in the browser:

OAuth Error
error="invalid_client", error_description="Client's registered request object signing algorithm (null) does not match request object's actual algorithm (HS256)"

My OIDC configuration in my docker-compose.yml is as follows:

      OIDC_LOGIN: true
      OIDC_PROVIDER: https://iris-iam.stfc.ac.uk
      OIDC_CLIENT_ID: <redacted_client_id>
      OIDC_CLIENT_SECRET: <redacted_client_secret>
      OIDC_AUTHENTICATION_METHOD: client_secret_basic
      OIDC_CODE_CHALLENGE_METHOD: plain
      OIDC_CLIENT_CRYPTO_PASS: ChangeMeForProduction101

I've spoken with the admin of my IdP and have been assured that there is no use of the HS256 algorithm in the IdP, so the requirement for this must be coming from Misp - but I haven't used any settings that would require encryption, as far as I can tell. Is there an implicit requirement for encrypted cookies in Misp and if so, how can I turn that off?

It may be unrelated but in my attempt to remove settings related to encryption of cookies, I omitted the OIDC_CLIENT_CRYPTO_PASS setting, which is said to be optional in the docs on OIDC. However when I do that I get this error from the misp container logs:

ERROR: OIDC login is enabled, but 'OIDC_CLIENT_CRYPTO_PASS' environment variable is not set

I'd be grateful for any support on this!

localhost:8081

After starting, all links in the web interface have the localhost:8081 port (which doesn't exist) instead of localhost:8080.

Fetch Feeds error : SSL operation failed - OpenSSL - error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Hi,
I am struggling to make it work and fetch feeds.

OS: redhat 8.80
Env:

  • behind proxy with SSL inspection
  • curl to URL is ok by executing it inside the container.

Result:

  • warning: error:1408F10B:SSL routines:ssl3_get_record:wrong version number in [/var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Network/CakeSocket.php

Sep 27 14:27:34 0323e4204a28 MISP: warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
Sep 27 14:27:34 0323e4204a28 MISP: warning: error:1408F10B:SSL routines:ssl3_get_record:wrong version number in [/var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Network/CakeSocket.php, line 504]
Sep 27 14:27:34 0323e4204a28 MISP: error: Could not get freetext feed 17
Sep 27 14:27:34 0323e4204a28 MISP: error: [Exception] Fetching the 'https://cinsscore.com/list/ci-badguys.txt' failed with exception: Unable to perform enableCrypto operation on CakeSocket
Sep 27 14:27:34 0323e4204a28 MISP: error: Stack Trace:
Sep 27 14:27:34 0323e4204a28 MISP: error: #0 /var/www/MISP/app/Model/Feed.php(343): Feed->feedGetUriRemote()
Sep 27 14:27:34 0323e4204a28 MISP: error: #1 /var/www/MISP/app/Model/Feed.php(382): Feed->getFreetextFeedRemote()
Sep 27 14:27:34 0323e4204a28 MISP: error: #2 /var/www/MISP/app/Model/Feed.php(1190): Feed->getFreetextFeed()
Sep 27 14:27:34 0323e4204a28 MISP: error: #3 /var/www/MISP/app/Console/Command/ServerShell.php(404): Feed->downloadFromFeedInitiator()
Sep 27 14:27:34 0323e4204a28 MISP: error: #4 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Console/Shell.php(459): ServerShell->fetchFeed()
Sep 27 14:27:34 0323e4204a28 MISP: error: #5 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Console/ShellDispatcher.php(222): Shell->runCommand()
Sep 27 14:27:34 0323e4204a28 MISP: error: #6 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
Sep 27 14:27:34 0323e4204a28 MISP: error: #7 /var/www/MISP/app/Console/cake.php(45): ShellDispatcher::run()
Sep 27 14:27:34 0323e4204a28 MISP: error: #8 {main}[SocketException] Unable to perform enableCrypto operation on CakeSocket

Changing the MySQL Password in compose file for Production causes reboot loop for misp container

There are 3 SQL-passwords in the compose file that are set to "password".
If I change them to anything else, even if it's just to "passwordd" or something, the "misp" container gets stuck at restarting (yes I changed all 3 to the same value).
The other containers (redis, sql, modules) seem to boot normally.
Either I'm doing something wrong or "password" is hardcoded at some other point.
Changing any other parameter works flawlessly.

Can't create NonRoot Container

I'm trying to deploy MISP on kubernetes but I'm unable to get it working with runAsNonRoot: true and allowPrivilegeEscalation: false under the user apache (48).

The reason seems to be that something in the entrypoint changes the .gnupg folder permissions to root:root even after setting it to apache:apache in an initContainer:

  1. I create an initContainer and copy contents of /var/www/MISP to /var/www/MISP2
  2. Then I run chown -R apache:apache /var/www/MISP2
  3. After that I mount MISP2 as MISP inside the pod itself.

.gnupg should be owned by apache but it's not. I receive a permission denied error on the line chown -R apache:apache /var/www/MISP/.gnupg

How to fix this? Thanks

docker-compose.yml - change for production

In docker-compose.yml
line 55: MYSQL_PASSWORD: password # Please change for production
Please add a comment "# Please change for production" as well to line 15. Without changing both places I got the following error in the misp container and could not start the container:
2023-07-27 12:44:22 2023-07-27 10:44:22,030 - INFO: Waiting for database connection...
2023-07-27 12:44:22 2023-07-27 10:44:22,030 - INFO: (1045, "Access denied for user 'misp'@'172.21.0.5' (using password: YES)")
2023-07-27 12:44:23 2023-07-27 10:44:23,032 - INFO: Waiting for database connection...
2023-07-27 12:44:23 2023-07-27 10:44:23,032 - INFO: (1045, "Access denied for user 'misp'@'172.21.0.5' (using password: YES)")
2023-07-27 12:44:24 2023-07-27 10:44:24,033 - INFO: Waiting for database connection...

The requested URL returned error: 403 Forbidden

Hello,
/!\ Please note: being on RH8, I'm using Podman, but the functioning is quite similar to Docker

I'm having trouble with my MISP container.
When I am using sudo podman-compose up -d, and then sudo podman-compose ps, here is the prompt:
image
The MISP container appears as unhealthy.

So I check the reason with sudo podman inspect --format "{{json .State.Health }}" misp | jq '.Log[].Output' :
image
And the prompt tells a 403 Forbidden error.

I thought it may be a proxy issue as I'm trying to deploy it in a company infrastructure.
So I edited Podman's config file (/usr/share/containers/containers.conf) to enable http_proxy=true, but it didn't resolve the issue.

Do you guys have any idea about what it could be?

Thank you.

OIDC Integration

Hi,

Attempting to integrate with Azure AD and noticed the following are commented out in the misp.conf

    #OIDCRemoteUserClaim email
    #OIDCScope "openid email"

Looking at the OIDC Apache guides for Azure AD it should be;

    OIDCRemoteUserClaim upn
    OIDCScope "openid email"

However, once a valid token and email are returned from Azure AD the user is not authenticated with MISP.

==> /var/log/httpd/access_log <==
172.18.0.1 - [email protected] [04/Feb/2022:10:23:09 +0000] "GET /oauth2callback?code=<redacted>&state=<redacted>&session_state=73387062-014c-4b93-9f97-df0d47598aa0 HTTP/1.1" 302 206 "-"
==> /var/log/httpd/error_log <==
[Fri Feb 04 10:23:25.308737 2022] [authz_core:error] [pid 419:tid 140012225931008] [client 172.18.0.1:39032] AH01631: user [email protected]: authorization failure for "/":

I've enabled MISP debug and don't see any errors within the logs. Any idea where I'm going wrong?

Container restart results in error due to file permission errors

Hello all,

We are testing the NUKIB MISP container in Azure container instances. However, whenever there is a container restart, MISP will NOT come back automatically since the following files (config.php, database.php, email.php) in the Config directory are now read-only after a successful start. I was wondering how other users have resolved this issue and what is the proper way to handle this situation.

Please note that the configuration directory (/var/www/MISP/app/Config/) is a mounted volume in an external storage account.

Best regards,
George.

State Cookie Not Found (mod_auth_openidc)

Hello,

I'm facing a strange issue with OIDC. After what appears to be a successful authentication against the OIDC provider, I end up in a redirect loop, resulting in the browser throwing a 'too many redirects' error. In the apache logs, I can see this loop repeating:

...
... [auth_openidc:error] ... oidc_restore_proto_state: no "mod_auth_openidc_state_DVZRgAI5nzoxvAJ6EO-TOg" state cookie found: check domain and samesite cookie settings
... [auth_openidc:error] ... oidc_authorization_response_match_state: unable to restore state
... [auth_openidc:warn]  ... oidc_handle_authorization_response: invalid authorization response state; a default SSO URL is set, sending the user there: http://<MISP_BASE_URL>
...

I have confirmed that this only occurs after successful authorisation of the user - if they do not have the correct claims in their JWT they land on the correct 'permission denied' page, accompanied with a log, which is to be expected:

... [authz_core:error] ... user <id>@<url_of_idp>: authorization failure for "/":

It appears that this is a problem with the way mod_auth_openidc is used, in particular it appears that the state cookie is not able to be found (is it deleted too early for some reason?), or there is some problem with redirects after a successful authentication.

Anyone know why this could be happening?

My relevant config:

In docker-compose.yml:

PHP_SESSIONS_COOKIE_SAMESITE: Strict
MISP_BASEURL: http://<MISP_host>:8080
OIDC_LOGIN: true
OIDC_PROVIDER: https://<OIDC_provider_url>/.well-known/openid-configuration
OIDC_CLIENT_ID: 👾
OIDC_CLIENT_SECRET: 👾
OIDC_AUTHENTICATION_METHOD: client_secret_jwt
OIDC_CLIENT_CRYPTO_PASS: 👾
OIDC_CODE_CHALLENGE_METHOD: S256

In misp.conf:

...
    {% if OIDC_LOGIN %}
    OIDCProviderMetadataURL {{ OIDC_PROVIDER }}
    OIDCRedirectURI {{ MISP_BASEURL }}/oauth2callback
    OIDCCryptoPassphrase {{ OIDC_CLIENT_CRYPTO_PASS }}
    OIDCClientID {{ OIDC_CLIENT_ID }}
    OIDCClientSecret {{ OIDC_CLIENT_SECRET }}
    OIDCDefaultURL {{ MISP_BASEURL }}
    OIDCCookieSameSite On
    OIDCCookieDomain <MISP_host>
    OIDCCookiePath /
    OIDCStateTimeout 300
    OIDCProviderTokenEndpointAuth {{ OIDC_AUTHENTICATION_METHOD }}
    {% if OIDC_CODE_CHALLENGE_METHOD %}
    OIDCPKCEMethod {{ OIDC_CODE_CHALLENGE_METHOD }}
    {% endif %}
    OIDCScope "openid email profile"
...

The OIDCCookie settings are suspect to me due to the error message, but I've tried changing them and not had any luck so far.

Note I have also made the changes described in this comment to use the groups claim rather than roles.

How are builds triggered?

Hello!

I see that the last build of the image is for MISP version 2.4.168. 2.4.169 has been released and 2.4.170 is most likely released in the coming days.

How are the builds triggered? Could the latest version be built?
Thanks

Search attributes performance issues

Hi, I've been debugging this issue for a while. Originally I thought it might be due to docker mysql issues, however I have run numerous benchmarks and this does not appear to be the case.

Steps to reproduce:

  1. https://--your-misp--/attributes/search
  2. Search for 1,000 IP addresses (new line separated)
  3. Page hangs, no errors in the log

-- or--

  1. https://--your-misp--/attributes/search
  2. Search for 200 IP addresses (new line separated)
  3. Results take 20-25 seconds to load

I have tested on another MISP instance (not docker) and the response is returned in less than a second successfully, even though the other MISP instance has a lot more feeds and attributes stored.

Has anyone come across this?

misp-modules blob pulling issue

Hi all,

Does anyone know why it's failing to download a specific blob from misp-modules while running docker-compose pull:

⠏ misp-modules Pulling 66.7s
⠿ 6c5de04c936d Pull complete 8.5s
⠙ 0d557d32f54e Download complete 66.0s
⠙ 55d781094d60 Download complete 66.0s
⠙ dc7e90b007d6 Verifying Checksum 66.0s
⠙ c55d450a0fa9 Download complete 66.0s
⠙ 735ae0ea3307 Waiting 66.0s
⠙ db74472f12f5 Download complete 66.0s
⠙ b8dd669ecdfe Waiting 66.0s
⠙ 677740609ca5 Download complete 66.0s
filesystem layer verification failed for digest sha256:17facd475902d6709cff908630b59271c7ad18f64c3a1d0143d438c6988504ef

Banging my head against the wall for some days already.
Running behind a proxy, but the proxy logs do not show any blocked requests.

Regards,
Donatas

API not working with OIDC

When I try to access MISP over the API, with OIDC configured, I get 403.

  • I have tried with fresh auth keys, and even with MISP's own REST client in the web UI

Apache logs this:

{
  "@timestamp.nanos": 319537,
  "file": "[censored]",
  "headers": {
  },
  "host": "worker01-misp_vector",
  "loghost": "worker01-misp_misp",
  "message": "[censored] [censored] - [05/May/2022:08:58:34 +0000] "POST /events/index HTTP/1.1" 403 954 "-" "python-requests/2.27.1"",
  "message_key": null,
  "offset": 449880,
  "partition": 2,
  "severity": "info",
  "source_type": "misp",
  "tag": "apache-access"
}

My request header:

{'Authorization': 'xxx', 'Content-Type': 'application/json', 'Accept': 'application/json'}

Do you have any idea what could cause this?

New install: php-fpm not starting

First time I try containerised MISP. So I pulled the docker-compose.yml with the curl command you specified into an empty directory.
Changed:

  • MYSQL_PASSWORD (2x)
  • MYSQL_ROOT_PASSWORD
  • MISP_BASEURL
  • MISP_UUID
  • MISP_ORG
  • MISP_EMAIL
  • SECURITY_SALT.

And the ports section to - 127.0.0.1:8003:80 which my nginx https reverse proxy points to.

I launched docker-compose up which initialised everything correctly as far as I can see, but the misp container stays unhealthy and does not start correctly.

The docker-compose up console shows:

misp          | 2023-02-02 08:15:22,366 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp          | 2023-02-02 08:15:22,367 INFO exited: php-fpm (exit status 78; not expected)

Inside the misp container /var/log/php-fpm/error.log

[02-Feb-2023 08:12:14] ERROR: [pool www] failed to read the ACL of the socket '/run/php-fpm/www.sock': Operation not supported (95)
[02-Feb-2023 08:12:14] ERROR: FPM initialization failed

Did I miss something?

Additional info:
OS: VMware Photon OS 5.0
Docker: Docker version 20.10.14, build a224086

Deploy reverse proxy (for example nginx) before MISP to handle HTTPS connections.

Hi,

I was writing you because I'm trying to set up an NGINX in front of MISP in order to manage HTTPS connections.

I have done the following steps:

  1. Update the base_url in MISP configuration to http://localhost:8080/misp-play
[root@4699e16b4a65 MISP]# /var/www/MISP/app/Console/cake Admin getSetting "MISP.baseurl"
{
    "level": 0,
    "description": "The base url of the application (in the format https:\/\/www.mymispinstance.com or https:\/\/myserver.com\/misp). Several features depend on this setting being correctly set to function.",
    "value": "http:\/\/localhost:8080\/misp-play",
    "errorMessage": "The currently set baseurl does not match the URL through which you have accessed the page. Disregard this if you are accessing the page via an alternate URL (for example via IP address).",
    "test": "testBaseURL",
    "type": "string",
    "null": true,
    "tab": "MISP",
    "setting": "MISP.baseurl"
}
  2. Created a location in nginx to access the path:
    location /misp-play {
        proxy_pass http://127.0.0.1:8088/misp-play;
        proxy_pass_request_headers on;
    }

My problem is that when trying to access it, it redirects me to the URL without the location and access fails: http://localhost:8080/users/login

Could you help me?

Best,
Alberto.

Enable plugins/modules

Hello,

Is there a way to activate modules/plugins using Env variables in the docker-compose?

Thank you in advance,

Rgds

OIDC integration with Okta

Hi all,

Not sure if this counts as a totally new issue or rather a follow on to OIDC Integration #20. I'm trying to integrate with Okta and not having success. I have tried many variations of config changes based on the discussions in #20 and also some other suggestions found online. I am brand new to this and I don't know enough to know if the lack of success is due to something on the Okta side or the OIDC integrations itself.

As the situation stands now, I am redirected to Okta to authenticate and the Okta app appears to be configured correctly to provide the required role claim. From /var/log/httpd/error.log:

oidc_util_set_app_info: setting environment variable "OIDC_CLAIM_roles: misp-access", referer:...

And there are log entries that appear to show successful authorization based on the role. Again from error.log:

mod_authz_core.c(820): [client 192.168.X.X:15786] AH01626: authorization result of Require claim roles:misp-access: granted

However, then there are later log entries further on that appear to show authorization failed.

mod_authz_core.c(820): [client 192.168.X.X:2782] AH01626: authorization result of Require claim roles:misp-access: denied (no authenticated user yet)

After authenticating with Okta, the web UI redirects to an error page that says:

An Internal Error Has Occurred.

Error: An Internal Error Has Occurred. Please try your action again. If the problem persists, please contact administrator.

In /var/www/MISP/app/tmp/logs/error.log, there are the following log entries:

2022-10-31 22:02:39 Error: [JakubOnderka\ErrorResponse] Error 'invalid_client' received from IdP: The audience claim for client_assertion must be the endpoint invoked for the request.
Request URL: /users/login
Stack Trace:
#0 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(890): JakubOnderka\OpenIDConnectClient->endpointRequest()
#1 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(555): JakubOnderka\OpenIDConnectClient->requestAuthorization()
#2 /var/www/MISP/app/Plugin/OidcAuth/Lib/Oidc.php(22): JakubOnderka\OpenIDConnectClient->authenticate()
#3 /var/www/MISP/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php(32): Oidc->authenticate()
#4 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(772): OidcAuthenticate->authenticate()
#5 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(612): AuthComponent->identify()
#6 /var/www/MISP/app/Controller/UsersController.php(1214): AuthComponent->login()
#7 [internal function]: UsersController->login()
#8 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#9 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#10 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#11 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#12 {main}

Again, I have tried many different configuration variations both within the Okta app as well as with the MISP instance. Would anyone have thoughts on what the issue might be?

Access denied to mysql database

Hello,

I am trying to set up MISP as a stack inside Portainer. The only other stack running is OpenCTI which is running properly. When using the default docker compose file and only changing the port on lines 58 and 66 from 8080 to 8000 the misp module is unable to start properly and produces the below output. Could you please tell me what I am doing wrong? I changed the port because 8080 is in use by OpenCTI.

Thank you.

======================================
MISP develop container image provided by National Cyber and Information Security Agency of the Czech Republic
In case of any problem with this image, please fill issue at https://github.com/NUKIB/misp/issues
======================================
Warning: 'SECURITY_SALT' environment variable should be at least 32 chars long
Setting system policy to DEFAULT:NO-SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
No syntax errors detected in /var/www/MISP/app/Config/config.php
No syntax errors detected in /var/www/MISP/app/Config/database.php
No syntax errors detected in /var/www/MISP/app/Config/email.php

K
[12-Sep-2023 17:15:43] NOTICE: configuration file /etc/php-fpm.conf test is successful
2023-09-12 17:15:43,503 - INFO: Connecting to MySQL server mysql:3306
2023-09-12 17:15:43,505 - INFO: Waiting for database connection...
2023-09-12 17:15:43,505 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:44,506 - INFO: Waiting for database connection...
2023-09-12 17:15:44,506 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:45,507 - INFO: Waiting for database connection...
2023-09-12 17:15:45,507 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:46,508 - INFO: Waiting for database connection...
2023-09-12 17:15:46,508 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:47,509 - INFO: Waiting for database connection...
2023-09-12 17:15:47,509 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:48,510 - INFO: Waiting for database connection...
2023-09-12 17:15:48,510 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:49,511 - INFO: Waiting for database connection...
2023-09-12 17:15:49,511 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:50,512 - INFO: Waiting for database connection...
2023-09-12 17:15:50,512 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:51,513 - INFO: Waiting for database connection...
2023-09-12 17:15:51,513 - INFO: (1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")
2023-09-12 17:15:52,513 - ERROR: Could not connect to database server mysql:3306
(1045, "Access denied for user 'misp'@'10.0.18.4' (using password: YES)")


MISP: misp container unable to connect to mysql server while using podman

Hi, I am using podman for the first time, but it seems familiar from docker. I am using the nukib image on CentOS8. While in docker everything is working as needed, when I try to launch misp with podman I get the following error: " INFO: (2003, "Can't connect to MySQL server on 'mysql:3036' ([Errno -2] Name or service not known)")'"

I am using the exact same original image but I don't get things to work.

When I expose the mariadb port I can connect and see the database, but the misp module for some reason isn't working.

OpenIDConnectClientException

Hi all,

Getting an error with the OIDC plugin when I use it with keycloak. I have everything configured as the docs suggest, and I can see that the jwt contains all the correct information, including the role misp-access.

Here's the error:

Error: [JakubOnderka\OpenIDConnectClientException] Code verifier from session is empty
Request URL: /users/login?state=MsH45VzRfjND2KsXGrN7QQ&session_state=b80f2bca-3fe6-47c6-9335-3b89de0d8226&code=ecc741e8-7ed2-4edb-8fea-1dacc6a01d9b.b80f2bca-3fe6-47c6-9335-3b89de0d8226.c4d5b0c4-c00a-4cfe-9477-f2ff2469fed9
Stack Trace:
#0 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(466): JakubOnderka\OpenIDConnectClient->requestTokens()
#1 /var/www/MISP/app/Plugin/OidcAuth/Lib/Oidc.php(22): JakubOnderka\OpenIDConnectClient->authenticate()
#2 /var/www/MISP/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php(33): Oidc->authenticate()
#3 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(772): OidcAuthenticate->authenticate()
#4 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(612): AuthComponent->identify()
#5 /var/www/MISP/app/Controller/UsersController.php(1211): AuthComponent->login()
#6 [internal function]: UsersController->login()
#7 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#8 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#9 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#10 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#11 {main}

I'm not an expert in OIDC, but I found a good explainer of the PKCE flow here: https://frameworks.readthedocs.io/en/latest/spring-boot/spring-boot2/keycloakOAuth2PKCE.html - this suggests that the code verifier the plugin cannot find should be created by the client at the start of the flow. I'm not sure how it could go missing. Perhaps I'm just missing a setting in keycloak, does anyone know what might be the cause?

OAuth Azure AD/OIDC authentication issue SOLUTION

Hello,

The purpose of this issue is to save other people from wasting as much time as I wasted investigating an issue related to Azure AD authentication. I hope posting like this respects the rules; otherwise, sorry for that.
First of all, note that I enabled AAD through an integration for which I've created a pull request that hasn't been accepted for the moment - still, it definitely works. It implements the Azure AD plugin from the official MISP repo. But it could also happen with the OIDC auth provided by NUKIB, so whether you are going for AAD or OIDC, I want to provide the workaround for this issue - I hope it will benefit at least someone.

The problem for me was about Session ID. It is actually stored in the browser in the MISP-session-xxxx cookie. The issue is that when you are going to the login.microsoftonline.com thing and you are sent back to MISP, the cookie is disappearing and Session ID is renewed. Because of this, MISP is never able to validate the authentication workflow. Indeed, this condition in the source-code of AAD plugin is never satisfied, and so you are never asking for a token, and so never logged in.

The workaround for this is REALLY EASY, but it took me so long to figure out what the source of the problem was (all this Session ID and cookie stuff). The problem is actually that this MISP-session-xxxxx cookie has its SameSite set to Strict, which means that as soon as you leave MISP to go into the Microsoft workflow, you lose the cookie. This explains why the workflow is either not working at all, or sometimes you have to press the "Login with Azure AD" button twice.

The solution is: setting this cookie to have SameSite=Lax (PHP_SESSIONS_COOKIE_SAMESITE: "Lax" in docker-compose.yml). What is strange is that NUKIB actually has an environment variable for this (PHP_SESSIONS_COOKIE_SAMESITE) but never explains that it's mandatory... Maybe I've been missing or misunderstanding something.

Hope it will help someone.
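The redirect behaviour described in the post above, as an added example that is not part of the original post or of the NUKIB/MISP code: a simplified model of the browser's SameSite decision, wired to a toy relying party that keeps its OIDC state and PKCE code verifier in the session. The MISP URL, the identity provider path and the class and function names are assumptions made for the illustration.

```python
import secrets
from urllib.parse import urlsplit

MISP_URL = "https://misp.example.org/users/login"        # constructed host
IDP_URL = "https://login.microsoftonline.com/authorize"  # host from the post, path constructed


def same_site(url_a, url_b):
    # Simplification: compare hosts. Browsers compare scheme + registrable domain.
    return urlsplit(url_a).hostname == urlsplit(url_b).hostname


def cookie_is_sent(samesite, initiator, target, method="GET"):
    """Would a browser attach the cookie to a top-level navigation to `target`?"""
    if same_site(initiator, target):
        return True
    policy = samesite.lower()
    if policy == "strict":
        return False                      # never sent on cross-site navigations
    if policy == "lax":
        return method in ("GET", "HEAD")  # sent on safe top-level navigations only
    if policy == "none":
        return True                       # real browsers also require Secure
    raise ValueError(f"unknown SameSite value: {samesite!r}")


class ToyRelyingParty:
    """Keeps per-session login state the way a server-side session would."""

    def __init__(self):
        self.sessions = {}

    def start_login(self):
        sid = secrets.token_urlsafe(16)
        state = secrets.token_urlsafe(16)
        self.sessions[sid] = {
            "state": state,
            "code_verifier": secrets.token_urlsafe(32),
        }
        return sid, state

    def handle_callback(self, sid, state):
        session = self.sessions.get(sid)
        if session is None:
            # No cookie arrived, so the server is looking at a brand-new session.
            return "rejected: new session, no state or code verifier stored"
        if not secrets.compare_digest(session["state"], state):
            return "rejected: state mismatch"
        return "ok: state matches, code verifier available for the token request"


def simulate_login(samesite, callback_method="GET"):
    rp = ToyRelyingParty()
    sid, state = rp.start_login()
    # The identity provider sends the browser back to MISP: a cross-site navigation.
    sent = cookie_is_sent(samesite, IDP_URL, MISP_URL, callback_method)
    return rp.handle_callback(sid if sent else None, state)


if __name__ == "__main__":
    for policy in ("Strict", "Lax"):
        print(policy, "->", simulate_login(policy))
    print("Lax with a POST callback ->", simulate_login("Lax", "POST"))
```

The last case shows a limit of the Lax setting: a callback delivered as a cross-site POST still arrives without the session cookie.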

ValueError: badly formed hexadecimal UUID string and not valid salt

Could not get misp container to running state. Could you please give me a hint where my error in docker-compose.yml is?

using the original github docker-compose.yml
MISP_BASEURL: http://localhost:8080
MISP_UUID: 0a674a5a-c4cb-491d-80cf-5adb48b5c1cd # Please change for production
MISP_ORG: Testing org # Please change for production
MISP_MODULE_URL: http://misp-modules
MISP_EMAIL: [email protected] # Please change for production

docker-compose start
Starting mysql ... done
Starting redis ... done
Starting misp-modules ... done
Starting misp ... done_

docker-compose ps
Name Command State Ports
misp /usr/local/bin/docker-entr ... Exit 1
misp-modules /home/misp-modules/.local/ ... Up (health: starting) 6666/tcp
misp-mysql docker-entrypoint.sh mariadbd Up 3306/tcp
misp-redis docker-entrypoint.sh redis ... Up 6379/tcp

Logs:
misp | Warning: 'SECURITY_SALT' environment variable should be at least 32 chars long
misp | Traceback (most recent call last):
misp | File "/usr/local/bin/misp_create_configs.py", line 398, in
misp | main()
misp | File "/usr/local/bin/misp_create_configs.py", line 352, in main
misp | uuid.UUID(variables["MISP_UUID"])
misp | File "/usr/lib64/python3.9/uuid.py", line 177, in init
misp | raise ValueError('badly formed hexadecimal UUID string')
misp | ValueError: badly formed hexadecimal UUID string
misp exited with code 1
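A pre-flight check for the two values the log above complains about, as an added example that is not part of the original post or of the image's misp_create_configs.py. It assumes only what the log shows: MISP_UUID is passed to uuid.UUID() and SECURITY_SALT should be at least 32 characters long; the function names and finding texts are made up for the illustration.

```python
import uuid

MIN_SALT_LEN = 32  # threshold stated in the container's warning
SAMPLE_UUID = "0a674a5a-c4cb-491d-80cf-5adb48b5c1cd"  # sample value from the posted config


def check_uuid(raw):
    """Return findings for MISP_UUID as the container would receive it."""
    if raw is None:
        return ["MISP_UUID: not set"]
    findings = []
    if raw != raw.strip() or "#" in raw or raw.startswith(('"', "'")):
        findings.append(
            f"MISP_UUID: value {raw!r} carries quotes, whitespace or a '#'; "
            "the loader may have captured more than the UUID"
        )
    try:
        parsed = uuid.UUID(raw)  # same call as in the traceback
    except ValueError:
        findings.append("MISP_UUID: rejected by uuid.UUID()")
        return findings
    if str(parsed) == SAMPLE_UUID:
        findings.append("MISP_UUID: still the sample value, change for production")
    return findings


def check_salt(raw):
    """Return findings for SECURITY_SALT."""
    if raw is None:
        return ["SECURITY_SALT: not set"]
    if len(raw) < MIN_SALT_LEN:
        return [f"SECURITY_SALT: {len(raw)} chars, should be at least {MIN_SALT_LEN}"]
    return []


def preflight(env):
    """Check a mapping of environment variables before starting the container."""
    return check_uuid(env.get("MISP_UUID")) + check_salt(env.get("SECURITY_SALT"))


if __name__ == "__main__":
    # Constructed input: the sample UUID with its inline comment left in the value.
    constructed = {
        "MISP_UUID": SAMPLE_UUID + " # Please change for production",
        "SECURITY_SALT": "short",
    }
    for finding in preflight(constructed):
        print(finding)
```

Run it against the values the container actually receives (for example the output of docker-compose config), not against the file as typed.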

Docker Build fails

Hi @ondj,

the docker build currently fails:

#18 18.01 + dnf builddep -y --setopt=tsflags=nodocs --setopt=install_weak_deps=False packaging/rpm/jobber.spec
#18 18.09 No such command: builddep. Please use /usr/bin/dnf --help
#18 18.09 It could be a DNF plugin command, try: "dnf install 'dnf-command(builddep)'"
------
executor failed running [/bin/sh -c bash /build/misp_compile_jobber.sh]: exit code: 1

I've fixed this by adding the following line to /build/misp_compile_jobber.sh (line 19)

dnf install -y --setopt=tsflags=nodocs --setopt=install_weak_deps=False 'dnf-command(config-manager)'

Using a claim other than 'roles' for OIDC

Hi,

I'm attempting to use OIDC for authentication on MISP. I understand MISP by default requires the roles claim for role mapping, but unfortunately the IdP I'm using cannot populate the JWT with a roles claim. It instead provides a groups claim to achieve the same goal. So far I have set up misp and misp/admin groups which I intend to map to the misp-access and misp-admin roles.

Is it possible to use this groups claim instead of the roles claim? In what way would I need to customise the image to achieve this? Any support would be greatly appreciated 🙂.

Prevent containers from reading jobs

Scenario: attempting to create a scalable, HA cluster, I'm using a backing MISP database with both a read/write instance and a read-only replica. My intent is to use a rev proxy/load balancer in front of the environment to route API requests (like /events/restSearch or /attributes/restSearch) to the containers that are looking at the read replicas. I call these the API-only containers. Then programmatic queries to the instance won't affect the human analysts being routed to the "normal" MISP containers which point to the read/write instance of the MYSQL_HOST. Everything else gets routed to a normal container with a MYSQL_HOST pointing to the r/w db instance.

However, the issue I'm finding is that the containers pointed to the read replicas are still picking up jobs that have been initiated like fetch feed jobs. They fetch fine, but then try to save the "completed" state to the db replica which doesn't work (and gets an error about the SQL host being in read-only mode). I tried setting the REDIS_HOST envvar on those API containers to a fake host so they wouldn't pick up the jobs (thinking redis wouldn't be useful for those containers), but then the container just repeatedly restarts b/c it can't reach a valid redis host.

Additionally, I set all the JOBBER_ time string envvars to blank so no jobs would run on the API containers. However, the issue persists and the API-only containers still read jobs from redis, run the jobs, then fail to save the state.

Any idea how this can be resolved?

LDAP support?

Hello,
Is there any way to implement LDAP/LDAPS auth without bypassing the default MISP login screen and without using basic auth as a substitute?

The tutorial listed below doesn't work since the rh-php72-php-ldap package is unavailable on CentOS 8. Also, the PHP version in this project's image is newer.
https://www.circl.lu/doc/misp/appendices/

Would be really grateful for any help.

Cannot Access the Web UI Out of Box

As the title says, when I pull down and run the Docker container I'm having an issue where the webpage cannot be curled locally on the host or via another computer. I keep getting connection refused or rejected when trying to hit the MISP base URL. Any thoughts on how this could be happening?

I've repeatedly started from scratch, only installed docker and docker compose. Then pulled them down and I'm not seeing what I'm doing different vs what the instructions state to do.

ERROR: Could not connect to database server mysql:3306

No syntax errors detected in /var/www/MISP/app/Config/config.php
No syntax errors detected in /var/www/MISP/app/Config/database.php
No syntax errors detected in /var/www/MISP/app/Config/email.php
Syntax OK
[15-Sep-2023 16:03:10] NOTICE: configuration file /etc/php-fpm.conf test is successful

2023-09-15 16:03:10,926 - INFO: Connecting to MySQL server mysql:3306
2023-09-15 16:03:10,934 - INFO: Waiting for database connection...
2023-09-15 16:03:10,934 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:11,938 - INFO: Waiting for database connection...
2023-09-15 16:03:11,938 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:12,941 - INFO: Waiting for database connection...
2023-09-15 16:03:12,941 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:13,944 - INFO: Waiting for database connection...
2023-09-15 16:03:13,944 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:14,947 - INFO: Waiting for database connection...
2023-09-15 16:03:14,947 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:15,949 - INFO: Waiting for database connection...
2023-09-15 16:03:15,950 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:16,952 - INFO: Waiting for database connection...
2023-09-15 16:03:16,953 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:17,955 - INFO: Waiting for database connection...
2023-09-15 16:03:17,956 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:18,960 - INFO: Waiting for database connection...
2023-09-15 16:03:18,960 - INFO: (1130, "172.31.0.5' is not allowed to connect to this MariaDB server")
2023-09-15 16:03:19,960 - ERROR: Could not connect to database server mysql:3306
(1130, "172.31.0.5' is not allowed to connect to this MariaDB server")

Package Tagging

Hello. Is it possible to implement some kind of package tagging? Optimally, one that follows both the official MISP releases and your own implementation versions?

STIX

Is STIX intentionally not installed or is the execution of "pip3 install app/files/scripts/misp-stix/" missing in the Dockerfile?

MISP unable to finish fetch_feed jobs.

Hi,

We have implemented your dockerized version of MISP and thank you for the work you've put in.

We are struggling with our fetch_feeds jobs as they are not reaching more than 50% when we are manually fetching. We are still in a testing phase where we are pulling 2 feeds to our instance.

We tried by flushing the REDIS db but it did not yield results. We also tried to kill the workers but it fails and prompts the "Contact the Admin" page.

MISP Version : 2.4.159

MISP backup and restore scripts do not work on NUKIB MISP docker version

Hello, can you please update the scripts for backup and also restore in /var/www/MISP/tools/misp-backup/ ?
The backup script is missing a parameter for mysqldump (--column-statistics=0); otherwise it ends with an error.
After the recovery finished, the MISP webpage shows: "Permission Denied". The recovery script showed only:
mysqlshow: Cant connect to local MySQL server through socket /var/lib/mysql/mysql.sock.

Can you please give us an easy-to-use, step-by-step manual on how to migrate the MISP database to another instance (e.g. disaster recovery from backups), tested on the latest NUKIB MISP version in docker?

Thank you

Facing bus error: /usr/local/bin/docker-entrypoint.sh: line 44: 19 Bus error php-fpm --test

-bash-4.2$ k get pods
NAME READY STATUS RESTARTS AGE
misp-deployment-58fd569479-8g8nj 0/1 CrashLoopBackOff 206 17h
modules-5c95967d75-6l2tz 1/1 Running 0 4d
mysql-fb87b7574-b6llv 1/1 Running 0 18d
redis-85b9f97bd-gn89v 1/1 Running 0 18d
-bash-4.2$ k logs misp-deployment-58fd569479-8g8nj

MISP develop container image provided by National Cyber and Information Security Agency of the Czech Republic
In case of any problem with this image, please fill issue at https://github.com/NUKIB/misp/issues

Warning: 'SECURITY_SALT' environment variable should be at least 32 chars long
Setting system policy to DEFAULT:NO-SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
No syntax errors detected in /var/www/MISP/app/Config/config.php
No syntax errors detected in /var/www/MISP/app/Config/database.php
No syntax errors detected in /var/www/MISP/app/Config/email.php
Syntax OK
/usr/local/bin/docker-entrypoint.sh: line 44: 19 Bus error php-fpm --test

can't access misp url

conditions

Latest version docker-compose file https://github.com/NUKIB/misp/blob/3ca6a4d8da272cd69dc7377725703e3c04d40872/docker-compose.yml

misp container's logs

[root@ip-xxx misp]# docker-compose up
misp-modules is up-to-date
misp-mysql is up-to-date
misp-redis is up-to-date
Recreating misp ... done
Attaching to misp-modules, misp-mysql, misp-redis, misp
misp            | ======================================
misp            | MISP develop container image provided by National Cyber and Information Security Agency of the Czech Republic
misp            | In case of any problem with this image, please fill issue at https://github.com/NUKIB/misp/issues
misp            | ======================================
misp            | Warning: 'SECURITY_SALT' environment variable should be at least 32 chars long
misp            | Setting system policy to DEFAULT:NO-SHA1
misp            | Note: System-wide crypto policies are applied on application start-up.
misp            | It is recommended to restart the system for the change of policies
misp            | to fully take place.
misp            | No syntax errors detected in /var/www/MISP/app/Config/config.php
misp            | No syntax errors detected in /var/www/MISP/app/Config/database.php
misp            | No syntax errors detected in /var/www/MISP/app/Config/email.php
misp            | Syntax OK
misp            | [19-Jul-2023 10:24:41] NOTICE: configuration file /etc/php-fpm.conf test is successful
misp            | 
misp            | 2023-07-19 10:24:41,259 - INFO: Connecting to MySQL server mysql:3306
misp            | 2023-07-19 10:24:41,263 - INFO: Database schema is already created.
misp            | Executing all updates to bring the database up to date with the current version.
misp            | All updates completed.
misp            | Updating all JSON structures.
misp            | Successfully connected to Redis.
misp            | gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created
misp            | gpg: /var/www/MISP/.gnupg/trustdb.gpg: trustdb created
misp            | 2023-07-19 10:24:41,787 INFO Included extra file "/etc/supervisord.d/misp.ini" during parsing
misp            | 2023-07-19 10:24:41,787 INFO Set uid to user 0 succeeded
misp            | 2023-07-19 10:24:41,792 INFO RPC interface 'supervisor' initialized
misp            | 2023-07-19 10:24:41,792 CRIT Server 'unix_http_server' running without any HTTP authentication checking
misp            | 2023-07-19 10:24:41,793 INFO supervisord started with pid 1
misp            | Galaxies updated.
misp            | Noticelists updated.
misp            | Warninglists updated.
misp            | Taxonomies updated.
misp            | ObjectTemplates updated.
misp            | ObjectRelationships updated.
misp            | All JSON structures updated. Thank you and have a very safe and productive day.
misp            | 2023-07-19 10:24:42,795 INFO spawned: 'rsyslog' with pid 62
misp            | 2023-07-19 10:24:42,798 INFO spawned: 'httpd' with pid 63
misp            | 2023-07-19 10:24:42,800 INFO spawned: 'jobber' with pid 64
misp            | 2023-07-19 10:24:42,803 INFO spawned: 'default' with pid 65
misp            | 2023-07-19 10:24:42,806 INFO spawned: 'email_00' with pid 68
misp            | 2023-07-19 10:24:42,810 INFO spawned: 'email_01' with pid 74
misp            | 2023-07-19 10:24:42,817 INFO spawned: 'email_02' with pid 77
misp            | 2023-07-19 10:24:42,820 INFO spawned: 'cache' with pid 78
misp            | 2023-07-19 10:24:42,824 INFO spawned: 'prio_00' with pid 81
misp            | 2023-07-19 10:24:42,827 INFO spawned: 'prio_01' with pid 82
misp            | 2023-07-19 10:24:42,830 INFO spawned: 'prio_02' with pid 83
misp            | 2023-07-19 10:24:42,833 INFO spawned: 'update' with pid 85
misp            | 2023-07-19 10:24:42,836 INFO spawned: 'php-fpm' with pid 86
misp            | 2023-07-19 10:24:42,837 INFO reaped unknown pid 32 (exit status 0)
misp            | 2023-07-19 10:24:44,232 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: httpd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: jobber entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: default entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: email_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: email_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: email_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: cache entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: prio_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: prio_01 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: prio_02 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: update entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
misp            | 2023-07-19 10:24:44,232 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

response nothing

[root@ip-xxx misp]# docker-compose ps
    Name                  Command                  State                             Ports                       
-----------------------------------------------------------------------------------------------------------------
misp           /usr/local/bin/docker-entr ...   Up (healthy)   127.0.0.1:50000->50000/tcp, 127.0.0.1:8080->80/tcp
misp-modules   /home/misp-modules/.local/ ...   Up (healthy)   6666/tcp                                          
misp-mysql     docker-entrypoint.sh mariadbd    Up             3306/tcp                                          
misp-redis     docker-entrypoint.sh redis ...   Up             6379/tcp  
[root@ip-xxx misp]# curl http://127.0.0.1:8080
[root@ip-xxx misp]# 

Some customization options

Hi all,

I am testing your current MISP image because of the problems using PHP 7.4 under RHEL9, and it is very impressive. Congratulations and really good work. I don't know if this is the right forum, but I have a few questions regarding image customisation.

  • Is it possible to use podman as a container stack instead of docker? I am using RHEL9 as a host
  • Regarding the use of crypto policies in this image: by default, my hosts are configured to use FIPS as the default policy. Can I expect some type of problem?
  • What port is used for misp-modules? Default:6666?
  • Is it possible to setup a supervisor's user with password?
  • Regarding container volumes: how can I back up some important files and dirs, for example the $PATH_TO_MISP/app/webroot/img/orgs, $PATH_TO_MISP/app/webroot/img/custom and $PATH_TO_MISP/app/files dirs?
  • Backup and restore: is there some type of procedure to back up and restore all fetched feeds?

Many thanks

OIDC An Internal Error Has Occurred

Hello,

I'm trying to use MISP with CAS OIDC. Everything seems OK, but I have this error:
2023-03-10 13:27:45 Error: [JakubOnderka\JsonException] Could not decode provided JSON
Request URL: /users/login
Stack Trace:
#0 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(210): JakubOnderka\Json::decode()
#1 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(2208): JakubOnderka\CurlResponse->json()
#2 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(890): JakubOnderka\OpenIDConnectClient->endpointRequest()
#3 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(555): JakubOnderka\OpenIDConnectClient->requestAuthorization()
#4 /var/www/MISP/app/Plugin/OidcAuth/Lib/Oidc.php(22): JakubOnderka\OpenIDConnectClient->authenticate()
#5 /var/www/MISP/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php(33): Oidc->authenticate()
#6 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(772): OidcAuthenticate->authenticate()
#7 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(612): AuthComponent->identify()
#8 /var/www/MISP/app/Controller/UsersController.php(1211): AuthComponent->login()
#9 [internal function]: UsersController->login()
#10 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#11 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#12 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#13 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#14 {main}

I tried all options but I don't know why there is a problem.
My conf:
misp
nginx for https
oidc

The format is :
{
"sub": "[email protected]",
"service": "https://misptux.com/",
"auth_time": 1678438129,
"attributes": {
"email": "[email protected]",
"roles": "misp-access",
"userId": "E4883"
},
"id": "[email protected]",
"client_id": "sgp5Ngmy345Aq9grDtkywncgz7Hj9HhYhtKorLMSeQoiSXFw9vUMcxU2kSTjTfYk"
}

I don't understand what's wrong.
