diff --git a/INSTALL/INSTALL.debian.sh b/INSTALL/INSTALL.debian.sh
new file mode 100755
index 000000000..96af41d36
--- /dev/null
+++ b/INSTALL/INSTALL.debian.sh
@@ -0,0 +1,986 @@ +#!/usr/bin/env bash +#INSTALLATION INSTRUCTIONS +#------------------------- for Kali Linux +# +#0/ Quick MISP Instance on Kali Linux - Status +#--------------------------------------------- +# +#1/ Prepare Kali with a MISP User +#-------------------------------- +# To install MISP on Kali copy paste this in your r00t shell: +# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh +# /!\ Please read the installer script before randomly doing the above. +# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. + +# Leave empty for NO debug messages. +DEBUG= + +# Function Section + +## Usage of this script +usage () { + echo "Please specify what type of MISP if you want to install." + space + echo "${0} -c | Install ONLY MISP Core" # core + echo " -V | Core + Viper" # viper + echo " -M | Core + MISP modules" # modules + echo " -D | Core + MISP dashboard" # dashboard + echo " -m | Core + Mail 2 MISP" # mail2 + echo " -A | Install all of the above" # all + space + echo " -C | Only do pre-install checks and exit" # pre + space + echo "Options can be combined: ${0} -V -D # Will install Core+Viper+Dashboard" + space +} + +checkOpt () { + # checkOpt feature + containsElement $1 "${options[@]}" +} + +setOpt () { + options=() + for o in $@; do + option=$( + case "$o" in + ("-c") echo "core" ;; + ("-V") echo "viper" ;; + ("-M") echo "modules" ;; + ("-D") echo "dashboard" ;; + ("-m") echo "mail2" ;; + ("-A") echo "all" ;; + ("-C") echo "pre" ;; + #(*) echo "$o is not a valid argument" ;; + esac) + options+=($option) + done +} + +# Extract debian flavour +checkFlavour () { + FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z]) +} + +# Dynamic horizontal spacer +space () { + # Check terminal width + num=`tput cols` + for i in `seq 1 $num`; do + echo -n "-" + done + echo "" +} + +# Simple debug function with message +debug () { + echo $1 + if [ ! 
-z $DEBUG ]; then + echo "Debug Mode, press enter to continue..." + read + fi +} + +# Check if element is contained in array +containsElement () { + local e match="$1" + shift + for e; do [[ "$e" == "$match" ]] && return 0; done + return 1 +} + +# Simple function to check command exit code +checkFail () { + if [[ $2 -ne 0 ]]; then + echo "iAmError: $1" + echo "The last command exited with error code: $2" + exit $2 + fi +} + +# Check if misp user is present and if run as root +checkID () { + if [[ $EUID == 0 ]]; then + echo "This script cannot be run as a root" + exit 1 + elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then + echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + if [[ $ANSWER == "y" ]]; then + useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER + echo $MISP_USER:$MISP_PASSWORD | chpasswd + echo "User $MISP_USER added, password is: $MISP_PASSWORD" + elif [[ $ANSWER == "n" ]]; then + echo "Using $USER as install user, hope that is what you want." + MISP_USER=$USER + else + echo "yes or no was asked, try again." + exit 1 + fi + else + echo "User ${MISP_USER} exists, skipping creation" + fi +} + +# check if sudo is installed +checkSudo () { +sudo -H -u $MISP_USER ls -la /tmp > /dev/null 2> /dev/null +if [[ $? -ne 0 ]]; then + echo "sudo seems to be not installed or working, please fix this before continuing the installation." + echo "apt install sudo # As root should be enough, make sure the $MISP_USER is able to run sudo." + exit 1 +fi +} + +# check is /usr/local/src is RW by misp user +checkUsrLocalSrc () { +if [[ -e /usr/local/src ]]; then + if [[ -w /usr/local/src ]]; then + echo "Good, /usr/local/src exists and is writeable as $MISP_USER" + else + echo -n "/usr/local/src need to be writeable by $MISP_USER, permission to fix? 
(y/n)" + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + fi +fi + +} + +# Because Kali is l33t we make sure we run as root +kaliOnRootR0ckz () { + if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 + elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then + useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER + echo $MISP_USER:$MISP_PASSWORD | chpasswd + else + # TODO: Make sure we consider this further down the road + echo "User ${MISP_USER} exists, skipping creation" + fi +} + +# Setting generic MISP variables share by all flavours +MISPvars () { + # Local non-root MISP user + MISP_USER='misp' + MISP_PASSWORD='Password1234' + + # MISP configuration variables + PATH_TO_MISP='/var/www/MISP' + MISP_BASEURL='https://misp.local' + MISP_LIVE='1' + CAKE="$PATH_TO_MISP/app/Console/cake" + + # Database configuration + DBHOST='localhost' + DBNAME='misp' + DBUSER_ADMIN='root' + DBPASSWORD_ADMIN="$(openssl rand -hex 32)" + DBUSER_MISP='misp' + DBPASSWORD_MISP="$(openssl rand -hex 32)" + + # Webserver configuration + FQDN='misp.local' + + # OpenSSL configuration + OPENSSL_CN=$FQDN + OPENSSL_C='LU' + OPENSSL_ST='State' + OPENSSL_L='Location' + OPENSSL_O='Organization' + OPENSSL_OU='Organizational Unit' + OPENSSL_EMAILADDRESS='info@localhost' + + # GPG configuration + GPG_REAL_NAME='Autogenerated Key' + GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' 
+ GPG_EMAIL_ADDRESS='admin@admin.test' + GPG_KEY_LENGTH='2048' + GPG_PASSPHRASE='Password1234' + + # php.ini configuration + upload_max_filesize=50M + post_max_size=50M + max_execution_time=300 + memory_limit=512M + PHP_INI=/etc/php/7.3/apache2/php.ini + + # apt config + export DEBIAN_FRONTEND=noninteractive + + # sudo config to run $LUSER commands + SUDO="sudo -u ${MISP_USER}" + SUDO_WWW="sudo -u www-data" + + echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" + echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" +} + +# Installing core dependencies +installDeps () { + apt update + apt install -qy etckeeper + # Skip dist-upgrade for now, pulls in 500+ updated packages + #sudo apt -y dist-upgrade + gitMail=$(git config --global --get user.email ; echo $?) + if [ "$?" -eq "1" ]; then + git config --global user.email "root@kali.lan" + fi + gitUser=$(git config --global --get user.name ; echo $?) + if [ "$?" -eq "1" ]; then + git config --global user.name "Root User" + fi + + apt install -qy postfix + + apt install -qy \ + curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \ + mariadb-client \ + mariadb-server \ + apache2 apache2-doc apache2-utils \ + libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \ + python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ + libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect + + installRNG +} + +# Test and install software RNG +installRNG () { + modprobe tpm-rng 2> /dev/null + if [ "$?" -eq "0" ]; then + echo tpm-rng >> /etc/modules + fi + apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS + service rng-tools start + + if [ "$?" 
-eq "1" ]; then + apt purge -qy rng-tools + apt install -qy haveged + /etc/init.d/haveged start + fi +} + +# On Kali, the redis start-up script is broken. This tries to fix it. +fixRedis () { + # As of 20190124 redis-server init.d scripts are broken and need to be replaced + mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` + + echo '#! /bin/sh +### BEGIN INIT INFO +# Provides: redis-server +# Required-Start: $syslog +# Required-Stop: $syslog +# Should-Start: $local_fs +# Should-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: redis-server - Persistent key-value db +# Description: redis-server - Persistent key-value db +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/redis-server +DAEMON_ARGS=/etc/redis/redis.conf +NAME=redis-server +DESC=redis-server +PIDFILE=/var/run/redis.pid + +test -x $DAEMON || exit 0 +test -x $DAEMONBOOTSTRAP || exit 0 + +set -e + +case "$1" in + start) + echo -n "Starting $DESC: " + touch $PIDFILE + chown redis:redis $PIDFILE + if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS + then + echo "$NAME." + else + echo "failed" + fi + ;; + stop) + echo -n "Stopping $DESC: " + if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON + then + echo "$NAME." 
+ else + echo "failed" + fi + rm -f $PIDFILE + ;; + + restart|force-reload) + ${0} stop + ${0} start + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0' | tee /etc/init.d/redis-server + chmod 755 /etc/init.d/redis-server + /etc/init.d/redis-server start +} + +# generate MISP apache conf +genApacheConf () { + echo " + ServerAdmin admin@localhost.lu + ServerName misp.local + + Redirect permanent / https://misp.local + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + + + + ServerAdmin admin@localhost.lu + ServerName misp.local + DocumentRoot $PATH_TO_MISP/app/webroot + + + Options -Indexes + AllowOverride all + Require all granted + Order allow,deny + allow from all + + + SSLEngine On + SSLCertificateFile /etc/ssl/private/misp.local.crt + SSLCertificateKeyFile /etc/ssl/private/misp.local.key + # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + Header set X-Content-Type-Options nosniff + Header set X-Frame-Options DENY + " | tee /etc/apache2/sites-available/misp-ssl.conf +} + +# Add git pull update mechanism to rc.local - TODO: Make this better +gitPullAllRCLOCAL () { + sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local + sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local + sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local + sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local + sed -i -e '$i \done\n' /etc/rc.local +} + +# Composer on php 7.2 does not need any special treatment the provided phar works well +composer72 () { + cd $PATH_TO_MISP/app + mkdir /var/www/.composer ; chown 
www-data:www-data /var/www/.composer + $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2 + $SUDO_WWW php composer.phar config vendor-dir Vendor + $SUDO_WWW php composer.phar install +} + +# Composer on php 7.3 needs a recent version of composer.phar +composer73 () { + cd $PATH_TO_MISP/app + mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer + # Update composer.phar + # If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one + # Current Sum for: v1.8.3 + SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5' + sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;" + checkFail "composer.phar checksum failed, please investigate manually. " $? 
+ sudo -H -u www-data php composer-setup.php + sudo -H -u www-data php -r "unlink('composer-setup.php');" + $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2 + $SUDO_WWW php composer.phar config vendor-dir Vendor + $SUDO_WWW php composer.phar install +} + +# Enable various core services +enableServices () { + update-rc.d mysql enable + update-rc.d apache2 enable + update-rc.d redis-server enable + } + +# Main MISP Dashboard install function +mispDashboard () { + cd /var/www + mkdir misp-dashboard + chown www-data:www-data misp-dashboard + $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git + cd misp-dashboard + /var/www/misp-dashboard/install_dependencies.sh + sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg + sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local + $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh + apt install libapache2-mod-wsgi-py3 -y + echo " + ServerAdmin admin@misp.local + ServerName misp.local + + DocumentRoot /var/www/misp-dashboard + + WSGIDaemonProcess misp-dashboard \ + user=misp group=misp \ + python-home=/var/www/misp-dashboard/DASHENV \ + processes=1 \ + threads=15 \ + maximum-requests=5000 \ + listen-backlog=100 \ + queue-timeout=45 \ + socket-timeout=60 \ + connect-timeout=15 \ + request-timeout=60 \ + inactivity-timeout=0 \ + deadlock-timeout=60 \ + graceful-timeout=15 \ + eviction-timeout=0 \ + shutdown-timeout=5 \ + send-buffer-size=0 \ + receive-buffer-size=0 \ + header-buffer-size=0 \ + response-buffer-size=0 \ + server-metrics=Off + + WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi + + + WSGIProcessGroup misp-dashboard + WSGIApplicationGroup %{GLOBAL} + Require all granted + + + LogLevel info + ErrorLog /var/log/apache2/misp-dashboard.local_error.log + CustomLog /var/log/apache2/misp-dashboard.local_access.log combined + ServerSignature Off + " | tee /etc/apache2/sites-available/misp-dashboard.conf + a2ensite 
misp-dashboard +} + +# TODO: dashboardCAKE () { } + +# Core cake commands +coreCAKE () { + $CAKE Live $MISP_LIVE + $CAKE Baseurl $MISP_BASEURL + + $CAKE userInit -q + + $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true + $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 + $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" + $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 + $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 + $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" + $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false + $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false + $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false + $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" + $CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg" + $CAKE Admin setSetting "GnuPG.password" "Password1234" + $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true + $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true + $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 + $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 + $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true + $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true + $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" + $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 + $CAKE Admin setSetting 
"Plugin.Import_services_enable" true + $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" + $CAKE Admin setSetting "Plugin.Import_services_port" 6666 + $CAKE Admin setSetting "Plugin.Import_timeout" 300 + $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true + $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true + $CAKE Admin setSetting "Plugin.Export_services_enable" true + $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" + $CAKE Admin setSetting "Plugin.Export_services_port" 6666 + $CAKE Admin setSetting "Plugin.Export_timeout" 300 + $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true + $CAKE Admin setSetting "MISP.host_org_id" 1 + $CAKE Admin setSetting "MISP.email" "info@admin.test" + $CAKE Admin setSetting "MISP.disable_emailing" false + $CAKE Admin setSetting "MISP.contact" "info@admin.test" + $CAKE Admin setSetting "MISP.disablerestalert" true + $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true + $CAKE Admin setSetting "Plugin.Cortex_services_enable" false + $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" + $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 + $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 + $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" + $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 + $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 + $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" + $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false + $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false + $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true + $CAKE Admin setSetting "Plugin.Sightings_policy" 0 + $CAKE Admin setSetting "Plugin.Sightings_anonymise" false + $CAKE Admin setSetting "Plugin.Sightings_range" 365 + $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false + $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" + $CAKE Admin setSetting 
"Plugin.RPZ_walled_garden" "127.0.0.1" + $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" + $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" + $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" + $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" + $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" + $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" + $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." + $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" + $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" + $CAKE Admin setSetting "MISP.language" "eng" + $CAKE Admin setSetting "MISP.proposals_block_attributes" false + $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" + $CAKE Admin setSetting "MISP.redis_port" 6379 + $CAKE Admin setSetting "MISP.redis_database" 13 + $CAKE Admin setSetting "MISP.redis_password" "" + $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 + $CAKE Admin setSetting "MISP.extended_alert_subject" false + $CAKE Admin setSetting "MISP.default_event_threat_level" 4 + $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" + $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" + $CAKE Admin setSetting "MISP.enableEventBlacklisting" true + $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true + $CAKE Admin setSetting "MISP.log_client_ip" false + $CAKE Admin setSetting "MISP.log_auth" false + $CAKE Admin setSetting "MISP.disableUserSelfManagement" false + $CAKE Admin setSetting "MISP.block_event_alert" false + $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" + $CAKE Admin setSetting "MISP.block_old_event_alert" false + $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" + $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false + $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install" + $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production" + $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly" + $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali" + $CAKE Admin setSetting "Security.password_policy_length" 12 + $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' + $CAKE Admin setSetting "Session.autoRegenerate" 0 + $CAKE Admin setSetting "Session.timeout" 600 + $CAKE Admin setSetting "Session.cookie_timeout" 3600 + $CAKE Live $MISP_LIVE +} + +# Setup GnuPG key +setupGnuPG () { + echo "%echo Generating a default key + Key-Type: default + Key-Length: $GPG_KEY_LENGTH + Subkey-Type: default + Name-Real: $GPG_REAL_NAME + Name-Comment: $GPG_COMMENT + Name-Email: $GPG_EMAIL_ADDRESS + Expire-Date: 0 + Passphrase: $GPG_PASSPHRASE 
+ # Do a commit here, so that we can later print "done" + %commit + %echo done" > /tmp/gen-key-script + + $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script + + $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc +} + +updateGOWNT () { + AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) + + # TODO: Fix updateGalaxies + #$CAKE Admin updateGalaxies + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update + $CAKE Admin updateTaxonomies + # TODO: Fix updateWarningLists + #$CAKE Admin updateWarningLists + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update +} + +# Generate rc.local +genRCLOCAL () { + if [ ! 
-e /etc/rc.local ]; then + echo '#!/bin/sh -e' | tee -a /etc/rc.local + echo 'exit 0' | tee -a /etc/rc.local + chmod u+x /etc/rc.local + fi + + sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local + sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local + sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local + sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local +} + +# Main MISP Modules install function +mispmodules () { + sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local + $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh + cd /usr/local/src/ + git clone https://github.com/MISP/misp-modules.git + cd misp-modules + # pip3 install + pip3 install -I -r REQUIREMENTS + pip3 install -I . + pip3 install maec lief python-magic wand yara + pip3 install git+https://github.com/kbandla/pydeep.git + gem install pygments.rb + gem install asciidoctor-pdf --pre + $SUDO_WWW misp-modules -l 0.0.0.0 -s & +} + +# Main Viper install function +viper () { + cd /usr/local/src/ + debug "Installing Viper dependencies" + apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 + pip3 install SQLAlchemy PrettyTable python-magic + debug "Cloning Viper" + git clone https://github.com/viper-framework/viper.git + chown -R $MISP_USER:$MISP_USER viper + cd viper + debug "Submodule update" + $SUDO git submodule update --init --recursive + debug "pip install scrapy" + pip3 install scrapy + debug "pip install reqs" + pip3 install -r requirements.txt + debug "pip uninstall yara" + pip3 uninstall yara -y + debug "Launching viper-cli" + $SUDO /usr/local/src/viper/viper-cli -h > /dev/null + debug "Launching viper-web" + $SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & + echo 
'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment + echo ". /etc/environment" >> /home/${MISP_USER}/.profile + debug "Setting misp_url/misp_key" + $SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf + $SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf + + debug "Fixing admin.db with default password" + while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do + # FIXME This might lead to a race condition, the while loop is sub-par + chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db + echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" + sleep 6 + done + sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local +} + +# Main function to fix permissions to something sane +permissions () { + chown -R www-data:www-data $PATH_TO_MISP + chmod -R 750 $PATH_TO_MISP + chmod -R g+ws $PATH_TO_MISP/app/tmp + chmod -R g+ws $PATH_TO_MISP/app/files + chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp +} + +# Main mail2misp install function +mail2misp () { + cd /usr/local/src/ + apt-get install -y cmake + git clone https://github.com/MISP/mail_to_misp.git + git clone git://github.com/stricaud/faup.git faup + chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp + cd faup + $SUDO mkdir -p build + cd build + $SUDO cmake .. 
&& $SUDO make + make install + ldconfig + cd ../../ + cd mail_to_misp + pip3 install -r requirements.txt + $SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py + sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py + sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py +} + +# Final function to let the user know what happened +theEnd () { + space + echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt + echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt + echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt + + clear + space + echo "MISP Installed, access here: https://misp.local" + echo "User: admin@admin.test" + echo "Password: admin" + echo "MISP Dashboard, access here: http://misp.local:8001" + space + echo "The following files were created and need either protection or removal (shred on the CLI)" + echo "/home/${MISP_USER}/mysql.txt" + echo "/home/${MISP_USER}/MISP-authkey.txt" + cat /home/${MISP_USER}/mysql.txt + cat /home/${MISP_USER}/MISP-authkey.txt + space + echo "The LOCAL system credentials:" + echo "User: ${MISP_USER}" + echo "Password: ${MISP_PASSWORD}" + space + echo "viper-web installed, access here: http://misp.local:8888" + echo "viper-cli configured with your MISP Site Admin Auth Key" + echo "User: admin" + echo "Password: Password1234" + space + echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" + space + echo "sudo postconf -e 'relayhost = example.com'" + echo "sudo postfix reload" + space + echo "Enjoy using MISP. 
For any issues see here: https://github.com/MISP/MISP/issues" + su - ${MISP_USER} +} + +# Main Kalin Install function +installMISPonKali () { + space + debug "Disabling sleep etc…" + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 2> /dev/null + xset s 0 0 2> /dev/null + xset dpms 0 0 2> /dev/null + xset s off 2> /dev/null + + debug "Installing dependencies" + installDeps + + debug "Enabling redis and gnupg modules" + phpenmod -v 7.3 redis + phpenmod -v 7.3 gnupg + + debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl" + a2dismod status + a2dismod php7.2 + a2enmod ssl rewrite headers php7.3 + a2dissite 000-default + a2ensite default-ssl + + debug "Restarting mysql.service" + systemctl restart mysql.service + + debug "Fixing redis rc script on Kali" + fixRedis + + debug "git clone, submodule update everything" + mkdir $PATH_TO_MISP + chown www-data:www-data $PATH_TO_MISP + cd $PATH_TO_MISP + $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP + + $SUDO_WWW git config core.filemode false + + cd $PATH_TO_MISP + $SUDO_WWW git submodule update --init --recursive + # Make git ignore filesystem permission differences for submodules + $SUDO_WWW git submodule foreach --recursive git config core.filemode false + + cd $PATH_TO_MISP/app/files/scripts + $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git + $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git + $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git + + debug "Installing python-cybox" + cd $PATH_TO_MISP/app/files/scripts/python-cybox + pip3 install . + debug "Installing python-stix" + cd $PATH_TO_MISP/app/files/scripts/python-stix + pip3 install . 
+ # install STIX2.0 library to support STIX 2.0 export: + debug "Installing cti-python-stix2" + cd ${PATH_TO_MISP}/cti-python-stix2 + pip3 install -I . + debug "Installing mixbox" + cd $PATH_TO_MISP/app/files/scripts/mixbox + pip3 install . + # install PyMISP + debug "Installing PyMISP" + cd $PATH_TO_MISP/PyMISP + pip3 install . + + # Install Crypt_GPG and Console_CommandLine + debug "Installing pear Console_CommandLine" + pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml + debug "Installing pear Crypt_GPG" + pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml + + debug "Installing composer with php 7.3 updates" + composer73 + + $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php + + chown -R www-data:www-data $PATH_TO_MISP + chmod -R 750 $PATH_TO_MISP + chmod -R g+ws $PATH_TO_MISP/app/tmp + chmod -R g+ws $PATH_TO_MISP/app/files + chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp + + debug "Setting up database" + if [ ! 
-e /var/lib/mysql/misp/users.ibd ]; then + echo " + set timeout 10 + spawn mysql_secure_installation + expect \"Enter current password for root (enter for none):\" + send -- \"\r\" + expect \"Set root password?\" + send -- \"y\r\" + expect \"New password:\" + send -- \"${DBPASSWORD_ADMIN}\r\" + expect \"Re-enter new password:\" + send -- \"${DBPASSWORD_ADMIN}\r\" + expect \"Remove anonymous users?\" + send -- \"y\r\" + expect \"Disallow root login remotely?\" + send -- \"y\r\" + expect \"Remove test database and access to it?\" + send -- \"y\r\" + expect \"Reload privilege tables now?\" + send -- \"y\r\" + expect eof" | expect -f - + + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" + + enableServices + + $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME + + echo " 'Database/Mysql', + //'datasource' => 'Database/Postgres', + 'persistent' => false, + 'host' => '$DBHOST', + 'login' => '$DBUSER_MISP', + 'port' => 3306, // MySQL & MariaDB + //'port' => 5432, // PostgreSQL + 'password' => '$DBPASSWORD_MISP', + 'database' => '$DBNAME', + 'prefix' => '', + 'encoding' => 'utf8', + ); + }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php + else + echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" + echo "Skipping any creations…" + sleep 3 + fi + + debug "Generating Certificate" + openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ + -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt + + debug 
"Generating Apache Conf"
+ genApacheConf
+
+ echo "127.0.0.1 misp.local" | tee -a /etc/hosts
+
+ debug "Installing MISP dashboard"
+ mispDashboard
+
+ debug "Disabling site default-ssl, enabling misp-ssl"
+ a2dissite default-ssl
+ a2ensite misp-ssl
+
+ for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
+ do
+ sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
+ done
+
+ debug "Restarting Apache2"
+ systemctl restart apache2
+
+ debug "Setting up logrotate"
+ cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+ chmod 0640 /etc/logrotate.d/misp
+
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+
+ chown -R www-data:www-data $PATH_TO_MISP/app/Config
+ chmod -R 750 $PATH_TO_MISP/app/Config
+
+ debug "Setting up GnuPG"
+ setupGnuPG
+
+ chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+
+ debug "Running Core Cake commands"
+ coreCAKE
+
+ debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
+ updateGOWNT
+
+ debug "Generating rc.local"
+ genRCLOCAL
+
+ gitPullAllRCLOCAL
+
+ debug "Installing misp-modules"
+ mispmodules
+
+ debug "Installing Viper"
+ viper
+
+ debug "Setting permissions"
+ permissions
+
+ debug "Running Then End!"
+ theEnd
+}
+
+
+debug "Checking for parameters or Kali Install"
+if [[ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ]]; then
+ usage
+ exit
+else
+ debug "Setting install options with given parameters."
+ setOpt $@
+ checkOpt core && echo "core selected"
+ checkOpt viper && echo "viper selected"
+ checkOpt modules && echo "modules selected"
+ checkOpt dashboard && echo "dashboard selected"
+ checkOpt mail2 && echo "mail2 selected"
+ checkOpt all && echo "all selected"
+ checkOpt pre && echo "pre selected"
+fi
+
+debug "Checking flavour"
+checkFlavour
+debug "Setting MISP variables"
+MISPvars
+
+if [ "${FLAVOUR}" == "kali" ]; then
+ kaliOnRootR0ckz
+ installMISPonKali
+ exit
+fi
diff --git a/INSTALL/INSTALL.kali.txt b/INSTALL/INSTALL.kali.txt
deleted file mode 100644
index e67fa5f6e..000000000
--- a/INSTALL/INSTALL.kali.txt
+++ /dev/null
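Review bot: `MISPvars` hard-codes `MISP_PASSWORD='Password1234'` (and `GPG_PASSPHRASE='Password1234'`), and `kaliOnRootR0ckz` feeds it to `chpasswd` for an account it adds to the `sudo` group, so every install leaves a sudo-capable local user with a publicly known password; the DB passwords a few lines below already use `openssl rand`, and the local one should be generated the same way, `MISP_PASSWORD="$(openssl rand -hex 16)"` — `theEnd` already prints it for the operator. `theEnd` then writes the DB passwords and the auth key to `/home/${MISP_USER}/mysql.txt` and `MISP-authkey.txt` as root under the default umask, so they are presumably readable by other local accounts; a `umask 077` before those redirections, followed by a `chown "${MISP_USER}:" ` of the two files, keeps them private until the operator shreds them as the closing message suggests. Separately, in `installDeps` the `if [ "$?" -eq "1" ]` after `gitMail=$(git config --global --get user.email ; echo $?)` tests the exit status of the assignment, which is that of the trailing `echo` and therefore always 0, so the fallback git identity is never set on a fresh system; test the command directly, `if ! git config --global --get user.email >/dev/null; then`, and the same for `user.name`. Lastly, the guard `[[ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ]]` rejects the combined-option form (`-V -D`) that `usage` itself advertises unless the script happens to be run as `/tmp/misp-kali.sh`; `[[ $# -lt 1 && $0 != "/tmp/misp-kali.sh" ]]` matches the documented interface.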
@@ -1,673 +0,0 @@ -#!/usr/bin/env bash -#INSTALLATION INSTRUCTIONS -#------------------------- for Kali Linux -# -#0/ Quick MISP Instance on Kali Linux - Status -#--------------------------------------------- -# -#1/ Prepare Kali with a MISP User -#-------------------------------- -# To install MISP on Kali copy paste this in your r00t shell: -# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh -# /!\ Please read the installer script before randomly doing the above. -# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. - - -# Bug: /tmp/misp-kali.sh: line 142: pip3: command not found - - - -MISP_USER='misp' -MISP_PASSWORD='Password1234' - -function kaliOnRootR0ckz() { - if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" - exit 1 - elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then - useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER - echo $MISP_USER:$MISP_PASSWORD | chpasswd - else - echo "User ${MISP_USER} exists, skipping creation" - fi -} - -function installMISPonKali() { - # MISP configuration variables - PATH_TO_MISP='/var/www/MISP' - MISP_BASEURL='https://misp.local' - MISP_LIVE='1' - CAKE="$PATH_TO_MISP/app/Console/cake" - - # Database configuration - DBHOST='localhost' - DBNAME='misp' - DBUSER_ADMIN='root' - DBPASSWORD_ADMIN="$(openssl rand -hex 32)" - DBUSER_MISP='misp' - DBPASSWORD_MISP="$(openssl rand -hex 32)" - - # Webserver configuration - FQDN='misp.local' - - # OpenSSL configuration - OPENSSL_CN=$FQDN - OPENSSL_C='LU' - OPENSSL_ST='State' - OPENSSL_L='Location' - OPENSSL_O='Organization' - OPENSSL_OU='Organizational Unit' - OPENSSL_EMAILADDRESS='info@localhost' - - # GPG configuration - GPG_REAL_NAME='Autogenerated Key' - GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' 
- GPG_EMAIL_ADDRESS='admin@admin.test' - GPG_KEY_LENGTH='2048' - GPG_PASSPHRASE='Password1234' - - # php.ini configuration - upload_max_filesize=50M - post_max_size=50M - max_execution_time=300 - memory_limit=512M - PHP_INI=/etc/php/7.3/apache2/php.ini - - # apt config - export DEBIAN_FRONTEND=noninteractive - - # sudo config to run $LUSER commands - SUDO="sudo -u ${MISP_USER}" - SUDO_WWW="sudo -u www-data" - - echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" - echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" - - echo "-----------------------------------------------------------------------" - echo "Disabling sleep etc…" - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' - xset s 0 0 2> /dev/null - xset dpms 0 0 2> /dev/null - xset s off 2> /dev/null - apt update - apt install -qy etckeeper - # Skip dist-upgrade for now, pulls in 500+ updated packages - #sudo apt -y dist-upgrade - git config --global user.email "root@kali.lan" - git config --global user.name "Root User" - apt install -qy postfix - - apt install -qy \ - curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \ - mariadb-client \ - mariadb-server \ - apache2 apache2-doc apache2-utils \ - libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \ - python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ - libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect - - modprobe tpm-rng 2> /dev/null - if [ "$?" 
-eq "0" ]; then - echo tpm-rng >> /etc/modules - fi - apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS - service rng-tools start - - if [ "$?" -eq "1" ]; then - apt purge -qy rng-tools - apt install -qy haveged - /etc/init.d/haveged start - fi - - phpenmod -v 7.3 redis - phpenmod -v 7.3 gnupg - - a2dismod status - a2dismod php7.2 - a2enmod ssl rewrite headers php7.3 - a2dissite 000-default - a2ensite default-ssl - - systemctl restart mysql.service - - #update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 - #update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2 - - # As of 20190124 redis-server init.d scripts are broken and need to be replaced - mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` - - echo '#! /bin/sh -### BEGIN INIT INFO -# Provides: redis-server -# Required-Start: $syslog -# Required-Stop: $syslog -# Should-Start: $local_fs -# Should-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: redis-server - Persistent key-value db -# Description: redis-server - Persistent key-value db -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/bin/redis-server -DAEMON_ARGS=/etc/redis/redis.conf -NAME=redis-server -DESC=redis-server -PIDFILE=/var/run/redis.pid - -test -x $DAEMON || exit 0 -test -x $DAEMONBOOTSTRAP || exit 0 - -set -e - -case "$1" in - start) - echo -n "Starting $DESC: " - touch $PIDFILE - chown redis:redis $PIDFILE - if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS - then - echo "$NAME." - else - echo "failed" - fi - ;; - stop) - echo -n "Stopping $DESC: " - if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON - then - echo "$NAME." 
- else - echo "failed" - fi - rm -f $PIDFILE - ;; - - restart|force-reload) - ${0} stop - ${0} start - ;; - *) - echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0' | tee /etc/init.d/redis-server - chmod 755 /etc/init.d/redis-server - /etc/init.d/redis-server start - - mkdir $PATH_TO_MISP - chown www-data:www-data $PATH_TO_MISP - cd $PATH_TO_MISP - $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP - - $SUDO_WWW git config core.filemode false - - cd $PATH_TO_MISP - $SUDO_WWW git submodule update --init --recursive - # Make git ignore filesystem permission differences for submodules - $SUDO_WWW git submodule foreach --recursive git config core.filemode false - - cd $PATH_TO_MISP/app/files/scripts - $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git - $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git - cd $PATH_TO_MISP/app/files/scripts/python-cybox - pip3 install . - cd $PATH_TO_MISP/app/files/scripts/python-stix - pip3 install . - # install STIX2.0 library to support STIX 2.0 export: - cd ${PATH_TO_MISP}/cti-python-stix2 - pip3 install -I . - - cd $PATH_TO_MISP/app/files/scripts/ - $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git - cd $PATH_TO_MISP/app/files/scripts/mixbox - pip3 install . - - # install PyMISP - cd $PATH_TO_MISP/PyMISP - pip3 install . 
- - cd $PATH_TO_MISP/app - mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer - # Update composer.phar - sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" - sudo -H -u www-data php composer-setup.php - sudo -H -u www-data php -r "unlink('composer-setup.php');" - $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2 - $SUDO_WWW php composer.phar config vendor-dir Vendor - $SUDO_WWW php composer.phar install - - $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php - - chown -R www-data:www-data $PATH_TO_MISP - chmod -R 750 $PATH_TO_MISP - chmod -R g+ws $PATH_TO_MISP/app/tmp - chmod -R g+ws $PATH_TO_MISP/app/files - chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp - - if [ ! 
-e /var/lib/mysql/misp/users.ibd ]; then - echo " - set timeout 10 - spawn mysql_secure_installation - expect \"Enter current password for root (enter for none):\" - send -- \"\r\" - expect \"Set root password?\" - send -- \"y\r\" - expect \"New password:\" - send -- \"${DBPASSWORD_ADMIN}\r\" - expect \"Re-enter new password:\" - send -- \"${DBPASSWORD_ADMIN}\r\" - expect \"Remove anonymous users?\" - send -- \"y\r\" - expect \"Disallow root login remotely?\" - send -- \"y\r\" - expect \"Remove test database and access to it?\" - send -- \"y\r\" - expect \"Reload privilege tables now?\" - send -- \"y\r\" - expect eof" | expect -f - - - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" - - update-rc.d mysql enable - update-rc.d apache2 enable - update-rc.d redis-server enable - - $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME - - echo " 'Database/Mysql', - //'datasource' => 'Database/Postgres', - 'persistent' => false, - 'host' => '$DBHOST', - 'login' => '$DBUSER_MISP', - 'port' => 3306, // MySQL & MariaDB - //'port' => 5432, // PostgreSQL - 'password' => '$DBPASSWORD_MISP', - 'database' => '$DBNAME', - 'prefix' => '', - 'encoding' => 'utf8', - ); - }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php - else - echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" - echo "Skipping any creations…" - sleep 3 - fi - - openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ - -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ - -keyout /etc/ssl/private/misp.local.key -out 
/etc/ssl/private/misp.local.crt - - if [ ! -e /etc/rc.local ] - then - echo '#!/bin/sh -e' | tee -a /etc/rc.local - echo 'exit 0' | tee -a /etc/rc.local - chmod u+x /etc/rc.local - fi - - cd /var/www - mkdir misp-dashboard - chown www-data:www-data misp-dashboard - $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git - cd misp-dashboard - /var/www/misp-dashboard/install_dependencies.sh - sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg - sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local - sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local - sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local - sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local - sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local - sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local - sed -i -e '$i \done\n' /etc/rc.local - $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh - - apt install libapache2-mod-wsgi-py3 -y - - echo " - ServerAdmin admin@localhost.lu - ServerName misp.local - - Redirect permanent / https://misp.local - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - - - - ServerAdmin admin@localhost.lu - ServerName misp.local - DocumentRoot $PATH_TO_MISP/app/webroot - - - Options -Indexes - AllowOverride all - Require all granted - Order allow,deny - allow from all - - - SSLEngine On - SSLCertificateFile /etc/ssl/private/misp.local.crt - SSLCertificateKeyFile /etc/ssl/private/misp.local.key - # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - 
ServerSignature Off - Header set X-Content-Type-Options nosniff - Header set X-Frame-Options DENY - " | tee /etc/apache2/sites-available/misp-ssl.conf - - echo "127.0.0.1 misp.local" | tee -a /etc/hosts - - echo " - ServerAdmin admin@misp.local - ServerName misp.local - - DocumentRoot /var/www/misp-dashboard - - WSGIDaemonProcess misp-dashboard \ - user=misp group=misp \ - python-home=/var/www/misp-dashboard/DASHENV \ - processes=1 \ - threads=15 \ - maximum-requests=5000 \ - listen-backlog=100 \ - queue-timeout=45 \ - socket-timeout=60 \ - connect-timeout=15 \ - request-timeout=60 \ - inactivity-timeout=0 \ - deadlock-timeout=60 \ - graceful-timeout=15 \ - eviction-timeout=0 \ - shutdown-timeout=5 \ - send-buffer-size=0 \ - receive-buffer-size=0 \ - header-buffer-size=0 \ - response-buffer-size=0 \ - server-metrics=Off - - WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi - - - WSGIProcessGroup misp-dashboard - WSGIApplicationGroup %{GLOBAL} - Require all granted - - - LogLevel info - ErrorLog /var/log/apache2/misp-dashboard.local_error.log - CustomLog /var/log/apache2/misp-dashboard.local_access.log combined - ServerSignature Off - " | tee /etc/apache2/sites-available/misp-dashboard.conf - - a2dissite default-ssl - a2ensite misp-ssl - a2ensite misp-dashboard - - for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit - do - sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI - done - - systemctl restart apache2 - - cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp - chmod 0640 /etc/logrotate.d/misp - - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php - - chown -R www-data:www-data $PATH_TO_MISP/app/Config - chmod -R 750 $PATH_TO_MISP/app/Config - $CAKE 
Live $MISP_LIVE - $CAKE Baseurl $MISP_BASEURL - - echo "%echo Generating a default key - Key-Type: default - Key-Length: $GPG_KEY_LENGTH - Subkey-Type: default - Name-Real: $GPG_REAL_NAME - Name-Comment: $GPG_COMMENT - Name-Email: $GPG_EMAIL_ADDRESS - Expire-Date: 0 - Passphrase: $GPG_PASSPHRASE - # Do a commit here, so that we can later print "done" - %commit - %echo done" > /tmp/gen-key-script - - $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script - - $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc - - chmod +x $PATH_TO_MISP/app/Console/worker/start.sh - - $CAKE userInit -q - - AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) - - $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" - $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false - $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false - $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false - $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" - $CAKE Admin setSetting 
"GnuPG.homedir" "/var/www/MISP/.gnupg" - $CAKE Admin setSetting "GnuPG.password" "Password1234" - $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true - $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true - $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 - $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 - $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true - $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true - $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 - $CAKE Admin setSetting "Plugin.Import_services_enable" true - $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Import_services_port" 6666 - $CAKE Admin setSetting "Plugin.Import_timeout" 300 - $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true - $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true - $CAKE Admin setSetting "Plugin.Export_services_enable" true - $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Export_services_port" 6666 - $CAKE Admin setSetting "Plugin.Export_timeout" 300 - $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true - $CAKE Admin setSetting "MISP.host_org_id" 1 - $CAKE Admin setSetting "MISP.email" "info@admin.test" - $CAKE Admin setSetting "MISP.disable_emailing" false - $CAKE Admin setSetting "MISP.contact" "info@admin.test" - $CAKE Admin setSetting "MISP.disablerestalert" true - $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true - $CAKE Admin setSetting "Plugin.Cortex_services_enable" false - $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 - $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 - $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Cortex_services_port" 
9000 - $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 - $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" - $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false - $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false - $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true - $CAKE Admin setSetting "Plugin.Sightings_policy" 0 - $CAKE Admin setSetting "Plugin.Sightings_anonymise" false - $CAKE Admin setSetting "Plugin.Sightings_range" 365 - $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false - $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" - $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" - $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" - $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" - $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" - $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" - $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" - $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" - $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." 
- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" - $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" - $CAKE Admin setSetting "MISP.language" "eng" - $CAKE Admin setSetting "MISP.proposals_block_attributes" false - $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" - $CAKE Admin setSetting "MISP.redis_port" 6379 - $CAKE Admin setSetting "MISP.redis_database" 13 - $CAKE Admin setSetting "MISP.redis_password" "" - $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 - $CAKE Admin setSetting "MISP.extended_alert_subject" false - $CAKE Admin setSetting "MISP.default_event_threat_level" 4 - $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" - $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" - $CAKE Admin setSetting "MISP.enableEventBlacklisting" true - $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true - $CAKE Admin setSetting "MISP.log_client_ip" false - $CAKE Admin setSetting "MISP.log_auth" false - $CAKE Admin setSetting "MISP.disableUserSelfManagement" false - $CAKE Admin setSetting "MISP.block_event_alert" false - $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" - $CAKE Admin setSetting "MISP.block_old_event_alert" false - $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" - $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false - $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install" - $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production" - $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly" - $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali" - $CAKE Admin setSetting "Security.password_policy_length" 12 - $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' - $CAKE Admin setSetting "Session.autoRegenerate" 0 - $CAKE Admin setSetting "Session.timeout" 600 - $CAKE Admin setSetting "Session.cookie_timeout" 3600 - $CAKE Live $MISP_LIVE - #$CAKE Admin updateGalaxies - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update - $CAKE Admin updateTaxonomies - #$CAKE Admin updateWarningLists - curl --header 
"Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local - sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local - sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local - sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local - sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local - $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh - cd /usr/local/src/ - git clone https://github.com/MISP/misp-modules.git - cd misp-modules - # pip3 install - pip3 install -I -r REQUIREMENTS - pip3 install -I . 
- pip3 install maec lief python-magic wand yara - pip3 install git+https://github.com/kbandla/pydeep.git - gem install pygments.rb - gem install asciidoctor-pdf --pre - $SUDO_WWW misp-modules -l 0.0.0.0 -s & - cd /usr/local/src/ - apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 - pip3 install SQLAlchemy PrettyTable python-magic - git clone https://github.com/viper-framework/viper.git - chown -R $MISP_USER:$MISP_USER viper - cd viper - $SUDO git submodule update --init --recursive - pip3 install scrapy - pip3 install -r requirements.txt - pip3 uninstall yara -y - $SUDO /usr/local/src/viper/viper-cli -h > /dev/null - $SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & - echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment - echo ". /etc/environment" >> /home/${MISP_USER}/.profile - $SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf - $SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf - - while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do - # FIXME This might lead to a race condition, the while loop is sub-par - chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db - echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" - sleep 6 - done - - chown -R www-data:www-data $PATH_TO_MISP - chmod -R 750 $PATH_TO_MISP - chmod -R g+ws $PATH_TO_MISP/app/tmp - chmod -R g+ws $PATH_TO_MISP/app/files - chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp - - # TODO: fix faup - cd /usr/local/src/ - apt-get install -y cmake - git clone https://github.com/MISP/mail_to_misp.git - git clone git://github.com/stricaud/faup.git faup 
- chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp - cd faup - $SUDO mkdir -p build - cd build - $SUDO cmake .. && $SUDO make - make install - ldconfig - cd ../../ - cd mail_to_misp - pip3 install -r requirements.txt - $SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py - sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py - sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py - echo "" - echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt - echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt - echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt - - clear - echo "-------------------------------------------------------------------------" - echo "MISP Installed, access here: https://misp.local" - echo "User: admin@admin.test" - echo "Password: admin" - echo "MISP Dashboard, access here: http://misp.local:8001" - echo "-------------------------------------------------------------------------" - cat /home/${MISP_USER}/mysql.txt - cat /home/${MISP_USER}/MISP-authkey.txt - echo "-------------------------------------------------------------------------" - echo "The LOCAL system credentials:" - echo "User: ${MISP_USER}" - echo "Password: ${MISP_PASSWORD}" - echo "-------------------------------------------------------------------------" - echo "viper-web installed, access here: http://misp.local:8888" - echo "viper-cli configured with your MISP Site Admin Auth Key" - echo "User: admin" - echo "Password: Password1234" - echo "-------------------------------------------------------------------------" - echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" - echo "" - echo "sudo postconf -e 'relayhost = example.com'" - echo "sudo postfix reload" - echo 
"-------------------------------------------------------------------------"
- echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
- su - misp
-}
-
-kaliOnRootR0ckz
-installMISPonKali
diff --git a/INSTALL/INSTALL.kali.txt b/INSTALL/INSTALL.kali.txt
new file mode 120000
index 000000000..72f6638eb
--- /dev/null
+++ b/INSTALL/INSTALL.kali.txt
@@ -0,0 +1 @@
+INSTALL.debian.sh
\ No newline at end of file
diff --git a/INSTALL/apache.misp.centos7.ssl b/INSTALL/apache.misp.centos7.ssl
index d71dd62f2..7192d51a9 100644
--- a/INSTALL/apache.misp.centos7.ssl
+++ b/INSTALL/apache.misp.centos7.ssl
@@ -32,7 +32,7 @@
 SSLEngine On
 SSLCertificateFile /etc/pki/tls/certs/misp.local.crt
 SSLCertificateKeyFile /etc/pki/tls/private/misp.local.key
-# SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt
+ SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt
 LogLevel warn
 ErrorLog /var/log/httpd/misp.local_error.log
diff --git a/PyMISP b/PyMISP
index bab80181f..dc5d40a32 160000
--- a/PyMISP
+++ b/PyMISP
@@ -1 +1 @@
-Subproject commit bab80181f17976cb6c5388e7bad49cbbf514fb89
+Subproject commit dc5d40a327233895792b8148a7c87d5a1c2ebfb1
diff --git a/README.md b/README.md
index 5ee607a23..45050d29f 100644
--- a/README.md
+++ b/README.md
@@ -107,8 +107,8 @@ This software is licensed under [GNU Affero General Public License version 3](ht
 * Copyright (C) 2012 Christophe Vandeplas
 * Copyright (C) 2012 Belgian Defence
 * Copyright (C) 2012 NATO / NCIRC
-* Copyright (C) 2013-2018 Andras Iklody
-* Copyright (C) 2015-2018 CIRCL - Computer Incident Response Center Luxembourg
+* Copyright (C) 2013-2019 Andras Iklody
+* Copyright (C) 2015-2019 CIRCL - Computer Incident Response Center Luxembourg
 * Copyright (C) 2016 Andreas Ziegler
 For more information, [the list of authors and contributors](AUTHORS) is available.
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 6237f8d93..8c3e177d3 100644
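Review bot: Activating `SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt` makes httpd refuse to start whenever that file is absent, and nothing in this change creates it; the CentOS self-signed setup presumably produces only misp.local.crt and misp.local.key (not visible here, worth checking). Either keep the line commented with a note on when to enable it, or have the install steps produce the chain file. On httpd 2.4.8 and later `SSLCertificateChainFile` is deprecated in favour of appending the intermediate certificates to the file named by `SSLCertificateFile`, so a comment such as `# On httpd >= 2.4.8 append intermediates to misp.local.crt instead` would spare operators a failed restart.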
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -3871,6 +3871,9 @@ class EventsController extends AppController
 } else {
 $data = $this->request->data;
 }
+ if (!isset($data['request'])) {
+ $data = array('request' => $data);
+ }
 $paramArray = array('id', 'withAttachment', 'tags', 'from', 'to', 'last');
 foreach ($paramArray as $p) {
 if (isset($data['request'][$p])) {
@@ -3920,7 +3923,7 @@ class EventsController extends AppController
 }
 $this->set('data', $result['data']);
 } else {
- throw new Exception(h($result['message']));
+ throw new BadRequestException(h($result['message']));
 }
 }
diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php
index 176424599..700ec9c0d 100644
--- a/app/Controller/ShadowAttributesController.php
+++ b/app/Controller/ShadowAttributesController.php
@@ -824,7 +824,7 @@ class ShadowAttributesController extends AppController
 $id = $temp['Attribute']['id'];
 }
- $existingAttribute = $this->ShadowAttribute->Event->Attribute->fetchAttributes($this->Auth->user(), array('Attriute.id' => $id));
+ $existingAttribute = $this->ShadowAttribute->Event->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => array('Attribute.id' => $id)));
 if (empty($existingAttribute)) {
 throw new NotFoundException(__('Invalid attribute.'));
 }
@@ -833,6 +833,7 @@ class ShadowAttributesController extends AppController
 if (empty($existingAttribute)) {
 return new CakeResponse(array('body'=> json_encode(array('false' => true, 'errors' => 'Invalid Attribute.')), 'status'=>200, 'type' => 'json'));
 }
+ $existingAttribute = $existingAttribute[0];
 $this->ShadowAttribute->create();
 $sa = array(
 'old_id' => $existingAttribute['Attribute']['id'],
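Review bot: The new normalisation in the 3871 hunk wraps whatever `$data` holds into `array('request' => $data)` as soon as the `request` key is missing, so a body that is not an array at all (presumably possible on the branch above the hunk that does not read `$this->request->data`) passes through silently and the `foreach` below simply finds no parameters, while the 3920 hunk now answers a failed search with a 400. For consistency, reject a non-array body explicitly before wrapping: `if (!is_array($data)) { throw new BadRequestException(__('Invalid request data.')); }` placed ahead of the `isset` check. Separately, `h()` HTML-escapes the message before it reaches `BadRequestException`; if this action also serves JSON, the escaped entities end up in the API error text, so the escaping probably belongs in the HTML error view rather than here, worth confirming against the error renderer. The enclosing action starts and ends outside both hunks.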
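Review bot: The 833 hunk (and the 861 hunk on the next line) now dereference `$existingAttribute[0]` after an `empty()` check, which fits the list `fetchAttributes()` returns, but the `fetchAttributes()` call feeding the 861 hunk is outside the diff; confirm it also passes `array('conditions' => array('Attribute.id' => $id))`, because the pre-fix form `array('Attriute.id' => $id)` was presumably ignored as an unknown option and returned every attribute visible to the user, which `[0]` would then treat as the requested one. The back-to-back `empty($existingAttribute)` checks at 828 and 833 look like they guard the same variable on the same path, in which case the second one is dead, but the lines between them are not visible here. The enclosing actions start and end outside the hunks.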
@@ -861,6 +862,7 @@ class ShadowAttributesController extends AppController
 if (empty($existingAttribute)) {
 throw new NotFoundException(__('Invalid Attribute'));
 }
+ $existingAttribute = $existingAttribute[0];
 $this->set('id', $id);
 $this->set('event_id', $existingAttribute['Attribute']['event_id']);
 $this->render('ajax/deletionProposalConfirmationForm');
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 08ee859e8..7b09b06ee 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -72,7 +72,8 @@ class Attribute extends AppModel
 'port',
 'nationality',
 'cortex',
- 'boolean'
+ 'boolean',
+ 'anonymised'
 );
 public $primaryOnlyCorrelatingTypes = array(
@@ -160,6 +161,7 @@ class Attribute extends AppModel
 'AS' => array('desc' => 'Autonomous system', 'default_category' => 'Network activity', 'to_ids' => 0),
 'snort' => array('desc' => 'An IDS rule in Snort rule-format', 'formdesc' => "An IDS rule in Snort rule-format. This rule will be automatically rewritten in the NIDS exports.", 'default_category' => 'Network activity', 'to_ids' => 1),
 'bro' => array('desc' => 'An NIDS rule in the Bro rule-format', 'formdesc' => "An NIDS rule in the Bro rule-format.", 'default_category' => 'Network activity', 'to_ids' => 1),
+ 'zeek' => array('desc' => 'An NIDS rule in the Zeek rule-format', 'formdesc' => "An NIDS rule in the Zeek rule-format.", 'default_category' => 'Network activity', 'to_ids' => 1),
 'pattern-in-file' => array('desc' => 'Pattern in file that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1),
 'pattern-in-traffic' => array('desc' => 'Pattern in network traffic that identifies the malware', 'default_category' => 'Network activity', 'to_ids' => 1),
 'pattern-in-memory' => array('desc' => 'Pattern in memory dump that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1),
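Review bot: The `zeek` type added in the 160 hunk is not added to any category's `types` list in the visible part of `categoryDefinitions` (the `anonymised` type is, in the 302 hunk), and a type missing from its default category's list presumably fails the category/type consistency check and cannot be picked in the form; `Network activity` lies outside the shown hunks, so confirm `'zeek'` is appended next to `'bro'` there. If this model's per-type value validation has a case for `bro`, `zeek` should share it, `case 'bro': case 'zeek':`, and the NIDS export code that recognises `bro` needs the same check. The array receiving `anonymised` in the 72 hunk has its name outside the hunk; judging by the neighbouring `primaryOnlyCorrelatingTypes` it is the non-correlating list, which is the right place for anonymised values.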
@@ -292,7 +294,8 @@ class Attribute extends AppModel 'passenger-name-record-locator-number' => array('desc' => 'The Passenger Name Record Locator is a key under which the reservation for a trip is stored in the system. The PNR contains, among other data, the name, flight segments and address of the passenger. It is defined by a combination of five or six letters and numbers.', 'default_category' => 'Person', 'to_ids' => 0), 'mobile-application-id' => array('desc' => 'The application id of a mobile application', 'default_category' => 'Payload delivery', 'to_ids' => 1), 'cortex' => array('desc' => 'Cortex analysis result', 'default_category' => 'External analysis', 'to_ids' => 0), - 'boolean' => array('desc' => 'Boolean value - to be used in objects', 'default_category' => 'Other', 'to_ids' => 0) + 'boolean' => array('desc' => 'Boolean value - to be used in objects', 'default_category' => 'Other', 'to_ids' => 0), + 'anonymised' => array('desc' => 'Anonymised value - described with the anonymisation object via a relationship', 'formdesc' => 'Anonymised value - described with the anonymisation object via a relationship.' , 'default_category' => 'Other', 'to_ids' => 0) // Not convinced about this. //'url-regex' => array('desc' => '', 'default_category' => 'Person', 'to_ids' => 0), ); 
@@ -302,76 +305,76 @@ class Attribute extends AppModel public $categoryDefinitions = array( 'Internal reference' => array( 'desc' => 'Reference used by the publishing party (e.g. ticket number)', - 'types' => array('text', 'link', 'comment', 'other', 'hex') + 'types' => array('text', 'link', 'comment', 'other', 'hex', 'anonymised') ), 'Targeting data' => array( 'desc' => 'Internal Attack Targeting and Compromise Information', 'formdesc' => 'Targeting information to include recipient email, infected machines, department, and or locations.', - 'types' => array('target-user', 'target-email', 'target-machine', 'target-org', 'target-location', 'target-external', 'comment') + 'types' => array('target-user', 'target-email', 'target-machine', 'target-org', 'target-location', 'target-external', 'comment', 'anonymised') ), 'Antivirus detection' => array( 'desc' => 'All the info about how the malware is detected by the antivirus products', 'formdesc' => 'List of anti-virus vendors detecting the malware or information on detection performance (e.g. 13/43 or 67%). Attachment with list of detection or link to VirusTotal could be placed here as well.', - 'types' => array('link', 'comment', 'text', 'hex', 'attachment', 'other') + 'types' => array('link', 'comment', 'text', 'hex', 'attachment', 'other', 'anonymised') ), 'Payload delivery' => array( 'desc' => 'Information about how the malware is delivered', 'formdesc' => 'Information about the way the malware payload is initially delivered, for example information about the email or web-site, vulnerability used, originating IP etc. 
Malware sample itself should be attached here.', - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id', 'whois-registrant-email') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'mac-address', 'mac-eui-64', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 
'stix2-pattern', 'yara', 'sigma', 'mime-type', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id', 'whois-registrant-email', 'anonymised') ), 'Artifacts dropped' => array( 'desc' => 'Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system', - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy','filename|pehash', 'regkey', 'regkey|value', 'pattern-in-file', 'pattern-in-memory','pdb', 'stix2-pattern', 'yara', 'sigma', 'attachment', 'malware-sample', 'named pipe', 'mutex', 'windows-scheduled-task', 'windows-service-name', 'windows-service-displayname', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'cookie', 'gene', 'mime-type') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy','filename|pehash', 'regkey', 'regkey|value', 
'pattern-in-file', 'pattern-in-memory','pdb', 'stix2-pattern', 'yara', 'sigma', 'attachment', 'malware-sample', 'named pipe', 'mutex', 'windows-scheduled-task', 'windows-service-name', 'windows-service-displayname', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'cookie', 'gene', 'mime-type', 'anonymised') ), 'Payload installation' => array( 'desc' => 'Info on where the malware gets installed in the system', 'formdesc' => 'Location where the payload was placed in the system and the way it was installed. For example, a filename|md5 type attribute can be added here like this: c:\\windows\\system32\\malicious.exe|41d8cd98f00b204e9800998ecf8427e.', - 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'mobile-application-id', 'other', 'mime-type') + 'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy', 'filename|pehash', 'pattern-in-file', 
'pattern-in-traffic', 'pattern-in-memory', 'stix2-pattern', 'yara', 'sigma', 'vulnerability', 'attachment', 'malware-sample', 'malware-type', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'mobile-application-id', 'other', 'mime-type', 'anonymised') ), 'Persistence mechanism' => array( 'desc' => 'Mechanisms used by the malware to start at boot', 'formdesc' => 'Mechanisms used by the malware to start at boot. This could be a registry key, legitimate driver modification, LNK file in startup', - 'types' => array('filename', 'regkey', 'regkey|value', 'comment', 'text', 'other', 'hex') + 'types' => array('filename', 'regkey', 'regkey|value', 'comment', 'text', 'other', 'hex', 'anonymised') ), 'Network activity' => array( 'desc' => 'Information about network traffic generated by the malware', - 'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hex', 'cookie', 'hostname|port', 'bro') + 'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'other', 'hex', 'cookie', 'hostname|port', 'bro', 'zeek', 'anonymised') ), 'Payload type' => array( 'desc' => 'Information about the final payload(s)', 'formdesc' => 'Information about the final payload(s). 
Can contain a function of the payload, e.g. keylogger, RAT, or a name if identified, such as Poison Ivy.', - 'types' => array('comment', 'text', 'other') + 'types' => array('comment', 'text', 'other', 'anonymised') ), 'Attribution' => array( 'desc' => 'Identification of the group, organisation, or country behind the attack', - 'types' => array('threat-actor', 'campaign-name', 'campaign-id', 'whois-registrant-phone', 'whois-registrant-email', 'whois-registrant-name', 'whois-registrant-org', 'whois-registrar', 'whois-creation-date','comment', 'text', 'x509-fingerprint-sha1','x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'dns-soa-email') + 'types' => array('threat-actor', 'campaign-name', 'campaign-id', 'whois-registrant-phone', 'whois-registrant-email', 'whois-registrant-name', 'whois-registrant-org', 'whois-registrar', 'whois-creation-date','comment', 'text', 'x509-fingerprint-sha1','x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'dns-soa-email', 'anonymised') ), 'External analysis' => array( 'desc' => 'Any other result from additional analysis of the malware like tools output', 'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.', - 'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'bro','pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'github-repository', 'other', 'cortex') + 'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 
'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'bro', 'zeek', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5', 'github-repository', 'other', 'cortex', 'anonymised') ), 'Financial fraud' => array( 'desc' => 'Financial Fraud indicators', 'formdesc' => 'Financial Fraud indicators, for example: IBAN Numbers, BIC codes, Credit card numbers, etc.', - 'types' => array('btc', 'xmr', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number', 'comment', 'text', 'other', 'hex'), + 'types' => array('btc', 'xmr', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number', 'comment', 'text', 'other', 'hex', 'anonymised'), ), 'Support Tool' => array( 'desc' => 'Tools supporting analysis or detection of the event', - 'types' => array('link', 'text', 'attachment', 'comment', 'other', 'hex') + 'types' => array('link', 'text', 'attachment', 'comment', 'other', 'hex', 'anonymised') ), 'Social network' => array( 'desc' => 'Social networks and platforms', // email-src and email-dst or should we go with a new email type that is neither / both? 
- 'types' => array('github-username', 'github-repository', 'github-organisation', 'jabber-id', 'twitter-id', 'email-src', 'email-dst', 'comment', 'text', 'other', 'whois-registrant-email') + 'types' => array('github-username', 'github-repository', 'github-organisation', 'jabber-id', 'twitter-id', 'email-src', 'email-dst', 'comment', 'text', 'other', 'whois-registrant-email', 'anonymised') ), 'Person' => array( 'desc' => 'A human being - natural person', - 'types' => array('first-name', 'middle-name', 'last-name', 'date-of-birth', 'place-of-birth', 'gender', 'passport-number', 'passport-country', 'passport-expiration', 'redress-number', 'nationality', 'visa-number', 'issue-date-of-the-visa', 'primary-residence', 'country-of-residence', 'special-service-request', 'frequent-flyer-number', 'travel-details', 'payment-details', 'place-port-of-original-embarkation', 'place-port-of-clearance', 'place-port-of-onward-foreign-destination', 'passenger-name-record-locator-number', 'comment', 'text', 'other', 'phone-number', 'identity-card-number') + 'types' => array('first-name', 'middle-name', 'last-name', 'date-of-birth', 'place-of-birth', 'gender', 'passport-number', 'passport-country', 'passport-expiration', 'redress-number', 'nationality', 'visa-number', 'issue-date-of-the-visa', 'primary-residence', 'country-of-residence', 'special-service-request', 'frequent-flyer-number', 'travel-details', 'payment-details', 'place-port-of-original-embarkation', 'place-port-of-clearance', 'place-port-of-onward-foreign-destination', 'passenger-name-record-locator-number', 'comment', 'text', 'other', 'phone-number', 'identity-card-number', 'anonymised') ), 'Other' => array( 'desc' => 'Attributes that are not part of any other category or are meant to be used as a component in MISP objects in the future', - 'types' => array('comment', 'text', 'other', 'size-in-bytes', 'counter', 'datetime', 'cpe', 'port', 'float', 'hex', 'phone-number', 'boolean') + 'types' => array('comment', 'text', 
'other', 'size-in-bytes', 'counter', 'datetime', 'cpe', 'port', 'float', 'hex', 'phone-number', 'boolean', 'anonymised') ) ); @@ -424,7 +427,7 @@ class Attribute extends AppModel // This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?) public $typeGroupings = array( 'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'pehash', 'tlsh', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'x509-fingerprint-md5'), - 'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'bro','pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256','ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5'), + 'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'bro', 'zeek', 'pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256','ja3-fingerprint-md5', 'hassh-md5', 'hasshserver-md5'), 'financial' => array('btc', 'xmr', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number') ); 
@@ -1160,6 +1163,8 @@ class Attribute extends AppModel
 case 'AS':
 case 'snort':
 case 'bro':
+ case 'zeek':
+ case 'anonymised':
 case 'pattern-in-file':
 case 'pattern-in-traffic':
 case 'pattern-in-memory':
@@ -1339,6 +1344,7 @@ class Attribute extends AppModel
 case 'authentihash':
 case 'imphash':
 case 'tlsh':
+ case 'anonymised':
 case 'cdhash':
 case 'email-src':
 case 'email-dst':
diff --git a/app/Model/AttributeTag.php b/app/Model/AttributeTag.php
index 09fa60ec2..1f40d006a 100644
--- a/app/Model/AttributeTag.php
+++ b/app/Model/AttributeTag.php
@@ -62,6 +62,11 @@ class AttributeTag extends AppModel
 }
 }
+ public function softDelete($id)
+ {
+ $this->delete($id);
+ }
+
 public function attachTagToAttribute($attribute_id, $event_id, $tag_id)
 {
 $existingAssociation = $this->find('first', array(
diff --git a/app/Model/EventTag.php b/app/Model/EventTag.php
index ffbe246b1..9535873bc 100644
--- a/app/Model/EventTag.php
+++ b/app/Model/EventTag.php
@@ -56,6 +56,11 @@ class EventTag extends AppModel
 }
 }
+ public function softDelete($id)
+ {
+ $this->delete($id);
+ }
+
 // take an array of tag names to be included and an array with tagnames to be excluded and find all event IDs that fit the criteria
 public function getEventIDsFromTags($includedTags, $excludedTags)
 {
diff --git a/app/Model/Feed.php b/app/Model/Feed.php
index 48e6c5d4c..1d0237312 100644
--- a/app/Model/Feed.php
+++ b/app/Model/Feed.php
@@ -372,7 +372,7 @@ class Feed extends AppModel
 $results = $pipe->exec();
 if (!$overrideLimit && count($objects) > 10000) {
 foreach ($results as $k => $result) {
- if ($result) {
+ if ($result && empty($objects[$k]['disable_correlation'])) {
 if (isset($event['FeedCount'])) {
 $event['FeedCount']++;
 } else {
@@ -383,7 +383,7 @@ class Feed extends AppModel
 }
 } else {
 foreach ($results as $k => $result) {
- if ($result) {
+ if ($result && empty($objects[$k]['disable_correlation'])) {
 $hitIds[] = $k;
 }
 }
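Review bot: `anonymised` is added to the `case` arm shared with `authentihash`/`imphash`/`tlsh`/`email-src`, whose body lies outside the hunk; if, as those neighbours suggest, this is the arm of `modifyBeforeValidation` that lowercases hash and e-mail values, an anonymised value — an opaque token that the type description says is explained only through the anonymisation object — will be silently case-folded on save, which may alter it from what the producer intended. Confirm what the arm does; if it lowercases, either give `anonymised` its own arm or record the decision next to the label, e.g. `case 'anonymised': // deliberately lowercased with the hash types; anonymised tokens are treated as case-insensitive`. The same type is also placed beside `snort`/`bro`/`pattern-in-*` in the first hunk, which looks like the permissive validation group and is presumably deliberate for a free-form value.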
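Review bot: `AttributeTag::softDelete()` performs an unconditional hard delete — `$this->delete($id)` removes the row and nothing in the method marks it as soft — so the name promises a reversible operation the code does not provide, and the boolean returned by `delete()` is discarded, so a caller cannot tell a failed removal from a successful one. Either rename it to what it does or, if a tombstone flag exists on this model, use it here; at minimum propagate the status, `return $this->delete($id);`, and document the contract above the method: `// Hard delete of an attribute/tag association; despite the name there is no tombstone and callers cannot undo it.` This matters for the migration code in the same commit, which calls this before attaching a replacement tag and would otherwise proceed after a silent failure.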
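Review bot: `EventTag::softDelete()` has the same problem as its `AttributeTag` twin — it is a plain `$this->delete($id)` with no soft-delete semantics and no returned status, so the name is misleading and failures are invisible to the caller. Use `return $this->delete($id);` and state in a comment that this is an irreversible hard delete of the event/tag row, or rename the method; if the two helpers are meant to share behaviour, a single documented implementation in `AppModel` would keep them from drifting.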
diff --git a/app/Model/Tag.php b/app/Model/Tag.php index 5b63e0f76..649c2489f 100644 --- a/app/Model/Tag.php +++ b/app/Model/Tag.php @@ -413,4 +413,211 @@ class Tag extends AppModel } return $events; } + + public function fixMitreTags($user) + { + $full_print_buffer = ''; + $this->GalaxyCluster = Classregistry::init('GalaxyCluster'); + // first find all tags that are the bad tags: + // - the enterprise-, pre- and mobile-attack + // - the old version of the MITRE tag (without Txx, Pxx, ...) + $mitre_categories = array('attack-pattern', 'course-of-action', 'intrusion-set', 'malware', 'mitre-tool'); + $mitre_stages = array('enterprise-attack', 'pre-attack', 'mobile-attack'); + $cluster_names = $this->GalaxyCluster->find('list', + array('fields' => array('GalaxyCluster.tag_name'), + 'group' => array('GalaxyCluster.id', 'GalaxyCluster.tag_name'), + 'conditions' => array('GalaxyCluster.tag_name LIKE' => 'misp-galaxy:mitre-%') + )); + // this is a mapping to keep track of what old tag we need to change (key) to what new tag(value) + // key = old_tag_id, value = new_tag_name + $mappings = array(); + // First find all tags which are the old format, but who's string needs to be updated + // Example: mitre-malware="XAgentOSX" => mitre-malware="XAgentOSX - S0161" + // Once found we will add these to a mapping + foreach ($mitre_categories as $category) { + $tag_start = 'misp-galaxy:mitre-' . $category; + // print("

### Searching for $category

"); + $tags = $this->find('all', array( + 'conditions' => array('Tag.name LIKE' => $tag_start . '=%'), + 'recursive' => -1)); + // print_r($tags); + foreach ($tags as $tag) { + $old_tag_name = $tag['Tag']['name']; + $old_tag_id = $tag['Tag']['id']; + $old_tag_name_without_quote = rtrim($old_tag_name, '"') . ' -'; + foreach ($cluster_names as $cluster_name) { + // print("Searching for $old_tag_name in $cluster_name
"); + if (strstr($cluster_name, $old_tag_name_without_quote)) { + // print("FOUND - $old_tag_name - $cluster_name
"); + $mappings[$old_tag_id] = $cluster_name; + break; + } + } + } + } + // Now find all tags that are from the enterprise, pre-attack and mobile-attack galaxies + foreach ($mitre_stages as $stage) { + foreach ($mitre_categories as $category) { + $tag_start = 'misp-galaxy:mitre-' . $stage . '-' . $category; + // print("

### Searching for $stage-$category

"); + $tags = $this->find('all', array( + 'conditions' => array('Tag.name LIKE' => $tag_start . '=%'), + 'recursive' => -1)); + // print_r($tags); + foreach ($tags as $tag) { + $old_tag_name = $tag['Tag']['name']; + $old_tag_id = $tag['Tag']['id']; + $new_tag_name = str_replace($stage.'-', '', $old_tag_name); + // print("Changing $old_tag_name to $new_tag_name
"); + if (in_array($new_tag_name, $cluster_names)) { + // valid tag as it exists in the galaxies, add to mapping + $mappings[$old_tag_id] = $new_tag_name; + } else { + // invalid tag, do some more magic + // print("Invalid new tag ! $old_tag_name to $new_tag_name
"); + $old_tag_name_without_quote = rtrim($new_tag_name, '"'); + $found = false; + foreach ($cluster_names as $cluster_name) { + // print("Searching for $old_tag_name in $cluster_name
"); + if (strstr($cluster_name, $old_tag_name_without_quote)) { + // print("-> FOUND - $old_tag_name - $cluster_name
"); + $mappings[$old_tag_id] = $cluster_name; + $found = true; + break; + } + } + if (!$found) { + print("Issue with tag, could not find a substitution, skipping: $old_tag_name
"); + } + } + + } + } + } + $full_print_buffer .= "

Mappings

"; + $full_print_buffer .= "
". print_r($mappings, true) . "
"; + // now we know which tags (they keys of the mapping) need to be changed + // find all events and attributes using these tags and update them with the new version + $this->EventTag = Classregistry::init('EventTag'); + $this->AttributeTag = Classregistry::init('AttributeTag'); + $this->Event = Classregistry::init('Event'); + $this->Attribute = Classregistry::init('Attribute'); + $full_print_buffer .= "

Conversion

"; + foreach ($mappings as $old_tag_id => $new_tag_name) { + $print_buffer = ""; + $print_buffer .= "$old_tag_id => $new_tag_name
"; + $changed = False; + $new_tag = array( + 'name' => $new_tag_name, + 'colour' => '#0088cc'); + $new_tag_id = $this->captureTag($new_tag, $user); + $print_buffer .= "  New tag id $new_tag_id
"; + // + // Events + // + $ets = $this->EventTag->find('all', array( + 'recursive' => -1, + 'conditions' => array('tag_id' => $old_tag_id), + 'contain' => array('Event') + )); + foreach ($ets as $et) { + $event = $et['Event']; + // skip events that are not from this instance or are locked (coming form another MISP) + if ($event['locked'] || $event['org_id'] != $event['orgc_id']) { + $print_buffer .= "  Skipping event ".$event['id']."... not from here
"; + continue; + } + $changed = True; + + // remove the old EventTag + $print_buffer .= "  Deleting event_tag ".$et['EventTag']['id']." for event ".$event['id']."
"; + $this->EventTag->softDelete($et['EventTag']['id']); + + // add the new Tag to the event + $new_et = array('EventTag' => array( + 'event_id' => $event['id'], + 'tag_id' => $new_tag_id + )); + + // check if the tag is already attached to the event - WARNING if data structures change this might break + $exists = $this->EventTag->find('first', array( + 'recursive' => -1, + 'conditions' => $new_et['EventTag'])); + if (empty($exists)) { + // tag not yet associated with event + $print_buffer .= "  Saving new tag association: event_id=".$event['id']." tag_id=".$new_tag_id."
"; + $this->EventTag->save($new_et); + // increment the Event timestamp and save the event + $print_buffer .= "  Saving the event with incremented timestamp
"; + $event['timestamp'] += 1; + $this->Event->save($event); + } else { + $print_buffer .= "  Not adding new tag as it's already associated to the event: event_id=".$event['id']." tag_id=".$new_tag_id."
"; + } + } + + // + // Attributes with tags + // + // find all AttributeTags for this specific tag. We do not load the attribute immediately as it's faster/better to only do this additional lookup when needed. (data we need to change) + $ats = $this->AttributeTag->find('all', array( + 'recursive' => -1, + 'conditions' => array('tag_id' => $old_tag_id), + )); + foreach ($ats as $at) { + // $print_buffer .= "  ".print_r($at, true)."
"; + $event = $this->Event->find('first', array( + 'recursive' => -1, + 'conditions' => array('id' => $at['AttributeTag']['event_id']) + ))['Event']; + // $print_buffer .= "
".print_r($event, true)."
"; + // skip events that are not from this instance or are locked (coming form another MISP) + if ($event['locked'] || $event['org_id'] != $event['orgc_id']) { + $print_buffer .= "  Skipping attribute for event ".$event['id']."... not from here
"; + continue; + } + $attribute = $this->Attribute->find('first', array( + 'recursive' => -1, + 'conditions' => array('id' => $at['AttributeTag']['attribute_id']) + ))['Attribute']; + $changed = True; + + // remove the old AttributeTag + $print_buffer .= "  Deleting attribute_tag ".$at['AttributeTag']['id']." for attribute ".$attribute['id']." for event ".$event['id']."
"; + $this->AttributeTag->softDelete($at['AttributeTag']['id']); + + // add the new Tag to the event + $new_at = array('AttributeTag' => array( + 'event_id' => $event['id'], + 'attribute_id' => $attribute['id'], + 'tag_id' => $new_tag_id + )); + // check if the tag is already attached to the event - WARNING if data structures change this might break + $exists = $this->AttributeTag->find('first', array( + 'recursive' => -1, + 'conditions' => $new_at['AttributeTag'])); + if (empty($exists)) { + // tag not yet associated with attribute + $print_buffer .= "  Saving new tag association: attribute_id=".$attribute['id']." event_id=".$event['id']." tag_id=".$new_tag_id."
"; + $this->AttributeTag->save($new_at); + // increment the Attribute/Event timestamp and save them + $print_buffer .= "  Saving the attribute/event with incremented timestamp
"; + $attribute['timestamp'] += 1; + $this->Attribute->save($attribute); + $event['timestamp'] += 1; + $this->Event->save($event); + } else { + $print_buffer .= "  Not adding new tag as it's already associated to the attribute: attribute_id=".$attribute['id']." event_id=".$event['id']." tag_id=".$new_tag_id."
"; + } + } + + if ($changed) { + $full_print_buffer .= $print_buffer; + } else { + // print("Tag has no 'unlocked' events or attributes: $old_tag_id => $new_tag_name
"); + // $full_print_buffer .= $print_buffer; + } + } + return $full_print_buffer; + } } diff --git a/app/View/Organisations/view.ctp b/app/View/Organisations/view.ctp index 038b8068f..4381597f2 100644 --- a/app/View/Organisations/view.ctp +++ b/app/View/Organisations/view.ctp @@ -68,6 +68,10 @@ ?>   +
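Review bot: The fallback substring search in the stage loop uses `$old_tag_name_without_quote = rtrim($new_tag_name, '"')` without the `' -'` suffix that the first loop appends, so `strstr()` accepts any cluster whose name merely starts with the old name — a tag for a malware called `XAgent` would be remapped onto the `XAgentOSX - S0161` cluster — and the first hit wins silently, rewriting tags on every unlocked event and attribute; use `$old_tag_name_without_quote = rtrim($new_tag_name, '"') . ' -';` as in the first loop so only an exact name followed by the MITRE ID qualifies. The unmatched case writes with `print(...)` straight to stdout instead of the buffer the rest of the method collects, which in a web request leaks diagnostic lines into the response body; make it `$full_print_buffer .= "Issue with tag, could not find a substitution, skipping: $old_tag_name\n";`. Note also that the `softDelete()` helpers introduced in this commit are plain hard deletes, so the old associations are gone irrecoverably once the loop runs, and nothing in this method restricts who may invoke it — presumably the calling controller enforces site-admin, but that is outside the hunk.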
+
+
+
'Sector', 'nationality' => 'Nationality', 'type' => 'Organisation type', 'contacts' => 'Contact information'); diff --git a/app/files/misp-objects b/app/files/misp-objects index beb0ec8bb..f5c7530e0 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit beb0ec8bb7556fdbd2cdb64f9566d5543c56192a +Subproject commit f5c7530e0b375cdd1b72a98f532dca731f8a0b80 diff --git a/app/files/scripts/misp2stix.py b/app/files/scripts/misp2stix.py index 0188bbc10..3087aab4e 100644 --- a/app/files/scripts/misp2stix.py +++ b/app/files/scripts/misp2stix.py @@ -817,7 +817,7 @@ class StixBuilder(object): if to_parse: return to_ids, attributes_dict = self.create_file_attributes_dict(misp_object['Attribute']) - if 'malware-sample' in attributes_dict: + if 'malware-sample' in attributes_dict and isinstance(attributes_dict['malware-sample'], dict): malware_sample = attributes_dict.pop('malware-sample') filename, md5 = malware_sample['value'].split('|') artifact_object = self.create_artifact_object(malware_sample['data']) diff --git a/app/webroot/js/event-graph.js b/app/webroot/js/event-graph.js index 2f3abc9db..48c2b0b31 100644 --- a/app/webroot/js/event-graph.js +++ b/app/webroot/js/event-graph.js @@ -10,7 +10,7 @@ var edges = new vis.DataSet(); var typeaheadDataSearch; var event_last_change = $('#eventgraph_network').data('event-timestamp'); var scope_id = $('#eventgraph_network').data('event-id'); -var user_email = $('#eventgraph_network').data('user-email'); +var user_email = $('#eventgraph_network').data('user-email'); var container = document.getElementById('eventgraph_network'); var user_manipulation = $('#eventgraph_network').data('user-manipulation'); var is_siteadmin = $('#eventgraph_network').data('is-site-admin'); 
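Review bot: The added `isinstance(attributes_dict['malware-sample'], dict)` guard makes a non-dict entry (presumably a list when the file object carries more than one sample) fall through silently, so those samples are neither exported as STIX artifacts nor reported; if several samples are legitimate here, iterate over the list, otherwise emit a warning so the dropped data is visible rather than lost. The `malware_sample['value'].split('|')` unpack on the next line still assumes exactly one `|` and raises `ValueError` otherwise — unchanged by this commit, but the same defensive intent applies. The enclosing method starts and ends outside the hunk.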
@@ -111,7 +111,7 @@ class EventGraph { for (var event_id in that.extended_event_points) { if (that.extended_event_color_mapping[event_id] === undefined) { - eventGraph.extended_event_color_mapping[event_id] = getRandomColor(event_id); + eventGraph.extended_event_color_mapping[event_id] = getRandomColor(event_id); } var chosen_color = eventGraph.extended_event_color_mapping[event_id]; @@ -1266,7 +1266,7 @@ class EventGraph { eventGraph.nodes.get().forEach(function(nodeD) { var nodeP = nodePositions[nodeD.id]; if (nodeP !== undefined && nodeD.group != 'obj_relation') { - var temp = { + var temp = { id: nodeD.id, x: nodeP.x, y: nodeP.y, @@ -1284,8 +1284,8 @@ class EventGraph { eventGraph.hiddenNode.forEach(function(node) { hiddenNodeData.push(node.id); }); - - var data = { + + var data = { eventId: scope_id, eventLastChange: event_last_change, nodes: nodeData, @@ -1294,7 +1294,7 @@ class EventGraph { scope: eventGraph.scope_name, keyType: eventGraph.scope_keyType }, - physics: { + physics: { solver: eventGraph.solver, repulsion: parseInt($('#slider_physic_node_repulsion').val()), enabled: $('#checkbox_physics_enable').prop("checked") @@ -1545,8 +1545,8 @@ class MispInteraction { return; } genericPopup('/objectReferences/add/'+edgeData.from, '#popover_form', function() { - $('#targetSelect').val(uuid); - $('option[value='+uuid+']').click() + $('#ObjectReferenceReferencedUuid').val(uuid); + objectReferenceInput(); }); } @@ -1722,7 +1722,7 @@ class MispInteraction { function drawExtendedEventHull(ctx, nodes, color, text) { ctx.fillStyle = color+'88'; var hull = getHullFromPoints(nodes); - + var start = hull[0]; var end = hull[hull.length-1]; var prev = start; @@ -1738,7 +1738,7 @@ function drawExtendedEventHull(ctx, nodes, color, text) { var centerY = (end.y+start.y)/2; ctx.quadraticCurveTo(centerX,centerY,start.x,start.y); ctx.fill(); - + var centroid = getCentroid(hull); ctx.beginPath(); ctx.font="30px Verdana"; 
@@ -1768,7 +1768,7 @@ function getHullFromPoints(points) {
     var q;
     do {
         hull.push(points[p]);
-
+
         q = (p+1) % n;
 for (var i=0; i'+'id'+'' - + '' + + '' + + '' + ''; openPopover(clicked, html, true, placement); }
diff --git a/docs/INSTALL.debian9.md b/docs/INSTALL.debian9.md
index 6d23e482a..7cc2df540 100644
--- a/docs/INSTALL.debian9.md
+++ b/docs/INSTALL.debian9.md
@@ -101,16 +101,6 @@ sudo a2enmod ssl rewrite
 sudo a2dissite 000-default
 sudo a2ensite default-ssl
 sudo a2enmod headers
-
-# Switch to python3 by default (optional)
-
-sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
-sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
-```
-
-To flip between the 2 pythons use *update-alternatives*
-```bash
-sudo update-alternatives --config python
 ```
 #### Apply all changes
diff --git a/docs/INSTALL.kali.md b/docs/INSTALL.kali.md
index b7f0095c5..71f3876b7 100644
--- a/docs/INSTALL.kali.md
+++ b/docs/INSTALL.kali.md
@@ -8,7 +8,7 @@ This has been tested by @SteveClement on 20190115
 To install MISP on Kali copy paste this in your r00t shell:
 ```bash
-wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh
+wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
 ```
 !!! notice
diff --git a/docs/INSTALL.rhel7.md b/docs/INSTALL.rhel7.md
index a528e6644..ea1aff9b9 100644
--- a/docs/INSTALL.rhel7.md
+++ b/docs/INSTALL.rhel7.md
@@ -3,7 +3,7 @@
 ## 0/ Overview and Assumptions
-{!generic/community.md!}
+{!generic/rhelVScentos.md!}
 !!! warning
     The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate.
diff --git a/docs/INSTALL.ubuntu1804.md b/docs/INSTALL.ubuntu1804.md
index 3f12ca95b..c10f6d3d0 100644
--- a/docs/INSTALL.ubuntu1804.md
+++ b/docs/INSTALL.ubuntu1804.md
@@ -159,8 +159,8 @@ cd ${PATH_TO_MISP}/PyMISP
 sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
 # Install Crypt_GPG and Console_CommandLine
-sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
-sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
+sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
+sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
 ```
 ### 4/ CakePHP
diff --git a/docs/SSL.md b/docs/SSL.md
new file mode 100644
index 000000000..eb0a5a058
--- /dev/null
+++ b/docs/SSL.md
@@ -0,0 +1,3 @@
+# Let's encrypt SSL with stock MISP install
+
+This will explain how to enable [letsencrypt]*(https://letsencrypt.org/) on a stock Ubuntu/Debian MISP install.
diff --git a/docs/generic/MISP_CAKE_init_centos.md b/docs/generic/MISP_CAKE_init_centos.md
index bbb371fb8..b66231f3a 100644
--- a/docs/generic/MISP_CAKE_init_centos.md
+++ b/docs/generic/MISP_CAKE_init_centos.md
@@ -57,6 +57,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
+sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_tag_collection" 0"
 # Provisional Cortex tunes
 sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
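Review bot: Dropping `-H -u www-data` from the two `pear install` lines makes them run as root against package.xml files that live inside ${PATH_TO_MISP}, a checkout that the surrounding steps (the `pip install .` line just above, and git operations outside this hunk) operate on as www-data. If that tree is writable by the web-server user at this point in the procedure, whatever is placed under INSTALL/dependencies/ is installed into the system PEAR tree with root privileges; a root install is probably what is wanted so the PHP extensions are visible to the web server, but the guide should state that and the ordering it relies on, e.g. `# Installed system-wide as root; both packages are vendored under INSTALL/dependencies/ of the checkout, so run this before the tree is handed to www-data`. The same root-run form is used by the @@ -108 hunk for xINSTALL.centos7.md further down, where the comment fits equally.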
@@ -108,7 +109,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
-##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
+##sudo $RUN_PHP '$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"'
 ##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
 sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
@@ -134,22 +135,23 @@ sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
 sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
 # Update the galaxies…
-sudo $RUN_PHP "$CAKE Admin updateGalaxies"
+##sudo $RUN_PHP "$CAKE Admin updateGalaxies"
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
 # Updating the taxonomies…
 sudo $RUN_PHP "$CAKE Admin updateTaxonomies"
 # Updating the warning lists…
 ##sudo $RUN_PHP "$CAKE Admin updateWarningLists"
-curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/warninglists/update
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
 # Updating the notice lists…
 ## sudo $RUN_PHP "$CAKE Admin updateNoticeLists"
-curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/noticelists/update
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
 # Updating the object templates…
 ##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates"
-curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/objectTemplates/update
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
 # Set MISP Live
 sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
diff --git a/docs/generic/misp-modules.md b/docs/generic/misp-modules.md
new file mode 100644
index 000000000..90438395d
--- /dev/null
+++ b/docs/generic/misp-modules.md
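Review bot: None of the four curl calls on the new side (the new galaxies one and the three switched from http to https) pass `--fail`, so an HTTP error from the API, for instance a 401 when $AUTH_KEY is wrong or stale, still exits 0 and the init sequence carries on as if the lists were updated, and the old cake-based galaxies update that would have surfaced an error is now commented out. Add `--fail -sS` to each, e.g. `curl --fail -sS --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update`, so a failed update stops the script or is at least printed. `-k` is defensible only because the target is loopback, presumably serving the self-signed certificate the install guides generate; a one-line comment above the block, `# -k: loopback with a self-signed certificate, not for remote hosts`, would keep that option from being copied into calls that leave the machine.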
@@ -0,0 +1,8 @@
+#### Make some misp-modules available
+
+```bash
+sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
+sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
+sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
+```
+
diff --git a/docs/generic/rhelVScentos.md b/docs/generic/rhelVScentos.md
new file mode 100644
index 000000000..cf6b24780
--- /dev/null
+++ b/docs/generic/rhelVScentos.md
@@ -0,0 +1,3 @@
+!!! notice
+    There are technically only minor differences between CentOS and RHEL.
+    For more information on what might differ, [this StackExchange](https://unix.stackexchange.com/questions/27323/is-centos-exactly-the-same-as-rhel) question might answer some questions.
diff --git a/docs/xINSTALL.centos6.md b/docs/xINSTALL.centos6.md
index d8242dc28..bb47d1f49 100644
--- a/docs/xINSTALL.centos6.md
+++ b/docs/xINSTALL.centos6.md
@@ -4,6 +4,10 @@
 ### 0/ MISP CentOS 6 Minimal NetInstall - Status
 --------------------------------------------
+{!generic/community.md!}
+
+{!generic/rhelVScentos.md!}
+
 !!! notice
     Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20181025
     It is still considered experimental as not everything works seemlessly.
diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md
index a97b9f1a3..80532c636 100644
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
@@ -4,6 +4,10 @@
 ### 0/ MISP CentOS 7 Minimal NetInstall - Status
 --------------------------------------------
+{!generic/community.md!}
+
+{!generic/rhelVScentos.md!}
+
 !!! notice
     Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113
     It is still considered experimental as not everything works seemlessly.
@@ -55,7 +59,13 @@ sudo yum install centos-release-scl -y
 sudo yum install vim -y
 # Install the dependencies:
-sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel ssdeep-devel -y
+sudo yum install gcc git zip \
+  httpd \
+  mod_ssl \
+  redis \
+  mariadb mariadb-server \
+  python-devel python-pip python-zmq \
+  libxslt-devel zlib-devel ssdeep-devel -y
 # Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
 sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y
@@ -64,13 +74,8 @@ sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysql
 # https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
 sudo yum install rh-python36 -y
-# rh-php71-php only provided mod_ssl mod_php for httpd24-httpd from SCL
-# if we want to use httpd from CentOS base we can use rh-php71-php-fpm instead
 sudo systemctl enable rh-php71-php-fpm.service
 sudo systemctl start rh-php71-php-fpm.service
-
-sudo $RUN_PHP "pear channel-update pear.php.net"
-sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0
 ```
 !!! notice
@@ -97,7 +102,7 @@ sudo chown apache:apache $PATH_TO_MISP
 cd /var/www
 sudo -u apache git clone https://github.com/MISP/MISP.git
 cd $PATH_TO_MISP
-sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+##sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
@@ -108,6 +113,10 @@ sudo -u apache git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
 sudo -u apache git submodule foreach --recursive git config core.filemode false
+# Install packaged pears
+sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml"
+sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml"
+
 # Create a python3 virtualenv
 sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
 sudo mkdir /usr/share/httpd/.cache
@@ -174,7 +183,9 @@ sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
 sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
 sudo -u apache $RUN_PHP "php composer.phar install"
-# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
+# CakeResque normally uses phpredis to connect to redis, but it has a (buggy)
+# fallback connector through Redisent.
+# It is highly advised to install phpredis using "yum install php-redis"
 sudo $RUN_PHP "pecl install redis"
 echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
 sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
@@ -207,9 +218,11 @@ sudo chown -R root:apache /var/www/MISP
 sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
 sudo chmod -R g+r,o= /var/www/MISP
 sudo chmod -R 750 /var/www/MISP
-sudo chmod -R g+ws /var/www/MISP/app/tmp
+sudo chmod -R g+xws /var/www/MISP/app/tmp
 sudo chmod -R g+ws /var/www/MISP/app/files
 sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
+sudo chmod -R g+rw /var/www/MISP/venv
+sudo chmod -R g+rw /var/www/MISP/.git
 sudo chown apache:apache /var/www/MISP/app/files
 sudo chown apache:apache /var/www/MISP/app/files/terms
 sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
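Review bot: `sudo chmod -R g+rw /var/www/MISP/.git` in the @@ -207 hunk hands the apache group write access to the repository metadata of a tree that the hunk's context line shows is owned `root:apache`; that includes .git/config and .git/hooks, which git reads and executes for whichever account later runs git in that checkout, so a compromised web process could influence what a root-run maintenance command does there. The SELinux change in the @@ -323 hunk on the next line (`httpd_sys_rw_content_t` on .git and app/Config) widens the same exposure on enforcing systems. If the web user only needs to read git state, `g+r` is enough since `find ... chmod g=rx` above already makes directories traversable; if some operation really needs write access, a comment naming it, `# .git writable by apache: needed for <operation> from the web UI`, would let the next reader scope it to that path instead of the whole directory. The same question applies to `g+rw` on venv, which the later `sudo -H -u apache ... pip install` lines in this guide appear to rely on and which would deserve the same one-line justification.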
@@ -263,8 +276,11 @@ sudo yum remove tcl expect -y
 echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
 echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
 sudo systemctl restart mariadb.service
+```
+#### Manual procedure:
+```bash
 # Enter the mysql shell
 mysql -u root -p
 ```
@@ -276,8 +292,7 @@ MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
 MariaDB [(none)]> exit
 ```
-#### copy/paste:
-
+#### Same as Manual but for copy/paste foo:
 ```bash
 sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
 sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
@@ -310,6 +325,21 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
 # A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
 sudo cp /var/www/MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
+sudo rm /etc/httpd/conf.d/ssl.conf
+sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf
+sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf
+echo $OPENSSL_CN
+sudo systemctl start httpd.service
+sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
+sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
+sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/certs/misp.local.key
+sudo rm /tmp/misp.local.key
+sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
+sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
+sudo ln -s /etc/pki/tls/certs/misp.local.csr /etc/pki/tls/certs/misp-chain.crt
+cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt
+
+sudo systemctl restart httpd.service
 # If a valid SSL certificate is not already created for the server, create a self-signed certificate:
 sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
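Review bot: The new certificate block is internally inconsistent and leaks the private key: `openssl rsa` writes the unencrypted key to /etc/pki/tls/certs/misp.local.key, a directory meant for public material and with the default umask a 0644 file, while the `openssl x509 -req ... -signkey` step two lines later reads /etc/pki/tls/private/misp.local.key, which nothing in this block creates, so the self-signed certificate is never produced. The `ln -s` then publishes the CSR as misp-chain.crt, which is not a certificate and will not be accepted by httpd if the vhost references it, and the detour through /tmp with `-des3 -passout pass:x` adds no protection since the passphrase is fixed and the file is immediately decrypted. Generating the key straight into the private/ directory under a restrictive umask, signing with that same path and linking the resulting .crt resolves all three; the vhost shipped as apache.misp.centos7.ssl is not in the hunk, so its key/cert paths should be checked against the ones chosen here. The trailing context `openssl req -newkey ... -nodes -x509` still generates a second, unrelated self-signed certificate, so one of the two blocks is redundant.
```shell
# … unchanged: misp.ssl.conf copy, ssl.conf removal, Listen 443, httpd start, dhparam …
sudo sh -c 'umask 077 && openssl genrsa -out /etc/pki/tls/private/misp.local.key 4096'
sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
sudo ln -s /etc/pki/tls/certs/misp.local.crt /etc/pki/tls/certs/misp-chain.crt
# … unchanged: dhparam append, httpd restart …
```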
@@ -323,7 +353,9 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
 sudo chcon -R -t usr_t /var/www/MISP/venv
+sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
+sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/Config
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
@@ -482,17 +514,17 @@ sudo yum install -y openjpeg-devel
 sudo chmod 2777 /usr/local/src
 sudo chown root:users /usr/local/src
 cd /usr/local/src/
-git clone https://github.com/MISP/misp-modules.git
+sudo -u apache git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip install
-sudo -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
-sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
+sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
+sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install .
 sudo yum install rubygem-rouge rubygem-asciidoctor -y
 ##sudo gem install asciidoctor-pdf --pre
 # install additional dependencies for extended object generation and extraction
-sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
-sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
+sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 # Start misp-modules
 sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md
index eb12f698b..b4043d336 100644
--- a/docs/xINSTALL.debian_testing.md
+++ b/docs/xINSTALL.debian_testing.md
@@ -107,15 +107,6 @@ sudo a2enmod ssl rewrite
 sudo a2dissite 000-default
 sudo a2ensite default-ssl
-# Switch to python3 by default (optional)
-
-sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
-sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
-```
-
-To flip between the 2 pythons use *update-alternatives*
-```bash
-sudo update-alternatives --config python
 ```
 #### Apply all changes
diff --git a/docs/xINSTALL.rhel7.md b/docs/xINSTALL.rhel7.md
index ecf85dad1..fba232ad8 100644
--- a/docs/xINSTALL.rhel7.md
+++ b/docs/xINSTALL.rhel7.md
@@ -5,6 +5,8 @@
 {!generic/community.md!}
+{!generic/rhelVScentos.md!}
+
 !!! warning
     The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate. Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.