diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index a1ac1b98e..570994eaf 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -462,6 +462,15 @@ class AppController extends Controller
             $this->set('isAclKafka', isset($role['perm_publish_kafka']) ? $role['perm_publish_kafka'] : false);
             $this->set('isAclDecaying', isset($role['perm_decaying']) ? $role['perm_decaying'] : false);
             $this->userRole = $role;
+
+            $this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
+            if ($this->request->params['controller'] === 'users' && $this->request->params['action'] === 'dashboard') {
+                $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user());
+            } else {
+                $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user(), 'fast');
+            }
+            $this->set('notifications', $notifications);
+
             if (
                 Configure::read('MISP.log_paranoid') ||
                 !empty(Configure::read('Security.monitored'))
@@ -499,9 +508,8 @@ class AppController extends Controller
         } else {
             $this->set('me', false);
         }
-        $this->set('br', '<br />');
-        $this->set('bold', array('<span class="bold">', '</span>'));
-        if ($this->_isSiteAdmin()) {
+
+        if ($this->Auth->user() && $this->_isSiteAdmin()) {
             if (Configure::read('Session.defaults') == 'database') {
                 $db = ConnectionManager::getDataSource('default');
                 $sqlResult = $db->query('SELECT COUNT(id) AS session_count FROM cake_sessions WHERE expires < ' . time() . ';');
@@ -515,13 +523,6 @@ class AppController extends Controller
             }
         }
 
-        $this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
-        if ($this->request->params['controller'] === 'users' && $this->request->params['action'] === 'dashboard') {
-            $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user());
-        } else {
-            $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user(), 'fast');
-        }
-        $this->set('notifications', $notifications);
         $this->ACL->checkAccess($this->Auth->user(), Inflector::variable($this->request->params['controller']), $this->action);
         if ($this->_isRest()) {
             $this->__rateLimitCheck();
diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index 1a55239d3..7fc2cb436 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -695,12 +695,23 @@ class ACLComponent extends Component
         }
     }
 
-    // The check works like this:
-    // If the user is a site admin, return true
-    // If the requested action has an OR-d list, iterate through the list. If any of the permissions are set for the user, return true
-    // If the requested action has an AND-ed list, iterate through the list. If any of the permissions for the user are not set, turn the check to false. Otherwise return true.
-    // If the requested action has a permission, check if the user's role has it flagged. If yes, return true
-    // If we fall through all of the checks, return an exception.
+    /**
+     * The check works like this:
+     * - If the user is a site admin, return true
+     * - If the requested action has an OR-d list, iterate through the list. If any of the permissions are set for the user, return true
+     * - If the requested action has an AND-ed list, iterate through the list. If any of the permissions for the user are not set, turn the check to false. Otherwise return true.
+     * - If the requested action has a permission, check if the user's role has it flagged. If yes, return true
+     * - If we fall through all of the checks, return an exception.
+     *
+     * @param array|null $user
+     * @param string $controller
+     * @param string $action
+     * @param bool $soft If true, instead of exception, HTTP error code is retuned as int.
+     * @return bool|int
+     * @throws NotFoundException
+     * @throws MethodNotAllowedException
+     * @throws InternalErrorException
+     */
     public function checkAccess($user, $controller, $action, $soft = false)
     {
         $controller = lcfirst(Inflector::camelize($controller));
@@ -710,15 +721,12 @@ class ACLComponent extends Component
             $aclList[$k] = array_change_key_case($v);
         }
         $this->__checkLoggedActions($user, $controller, $action);
-        if ($user['Role']['perm_site_admin']) {
+        if ($user && $user['Role']['perm_site_admin']) {
             return true;
         }
         if (!isset($aclList[$controller])) {
             return $this->__error(404, 'Invalid controller.', $soft);
         }
-        if ($user['Role']['perm_site_admin']) {
-            return true;
-        }
         if (isset($aclList[$controller][$action]) && !empty($aclList[$controller][$action])) {
             if (in_array('*', $aclList[$controller][$action])) {
                 return true;
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index a49c3c0b6..cad256bf5 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -1167,17 +1167,12 @@ class EventsController extends AppController
         $this->set('emptyEvent', $emptyEvent);
 
         // remove galaxies tags
-        $this->loadModel('GalaxyCluster');
         $this->loadModel('Taxonomy');
-        $cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
         foreach ($event['Object'] as $k => $object) {
             if (isset($object['Attribute'])) {
                 foreach ($object['Attribute'] as $k2 => $attribute) {
-                    foreach ($attribute['AttributeTag'] as $k3 => $attributeTag) {
-                        if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
-                            unset($event['Object'][$k]['Attribute'][$k2]['AttributeTag'][$k3]);
-                        }
-                    }
+                    $this->Event->Attribute->removeGalaxyClusterTags($event['Object'][$k]['Attribute'][$k2]);
+
                     $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']);
                     foreach ($tagConflicts['global'] as $tagConflict) {
                         $warningTagConflicts[$tagConflict['taxonomy']['Taxonomy']['namespace']] = $tagConflict['taxonomy'];
@@ -1190,11 +1185,8 @@ class EventsController extends AppController
             }
         }
         foreach ($event['Attribute'] as $k => $attribute) {
-            foreach ($attribute['AttributeTag'] as $k2 => $attributeTag) {
-                if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
-                    unset($event['Attribute'][$k]['AttributeTag'][$k2]);
-                }
-            }
+            $this->Event->Attribute->removeGalaxyClusterTags($event['Attribute'][$k]);
+
             $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']);
             foreach ($tagConflicts['global'] as $tagConflict) {
                 $warningTagConflicts[$tagConflict['taxonomy']['Taxonomy']['namespace']] = $tagConflict['taxonomy'];
@@ -1232,8 +1224,8 @@ class EventsController extends AppController
         }
         $this->set('event', $event);
         $dataForView = array(
-                'Attribute' => array('attrDescriptions', 'typeDefinitions', 'categoryDefinitions', 'distributionDescriptions', 'distributionLevels', 'shortDist'),
-                'Event' => array('fieldDescriptions')
+            'Attribute' => array('attrDescriptions' => 'fieldDescriptions', 'distributionDescriptions' => 'distributionDescriptions', 'distributionLevels' => 'distributionLevels', 'shortDist' => 'shortDist'),
+            'Event' => array('eventDescriptions' => 'fieldDescriptions', 'analysisDescriptions' => 'analysisDescriptions', 'analysisLevels' => 'analysisLevels')
         );
         foreach ($dataForView as $m => $variables) {
             if ($m === 'Event') {
@@ -1241,8 +1233,8 @@ class EventsController extends AppController
             } elseif ($m === 'Attribute') {
                 $currentModel = $this->Event->Attribute;
             }
-            foreach ($variables as $variable) {
-                $this->set($variable, $currentModel->{$variable});
+            foreach ($variables as $alias => $variable) {
+                $this->set($alias, $currentModel->{$variable});
             }
         }
         if (Configure::read('Plugin.Enrichment_services_enable')) {
@@ -1507,20 +1499,6 @@ class EventsController extends AppController
         }
         $this->params->params['paging'] = array($this->modelClass => $params);
         $this->set('event', $event);
-        $dataForView = array(
-                'Attribute' => array('attrDescriptions', 'typeDefinitions', 'categoryDefinitions', 'distributionDescriptions', 'distributionLevels'),
-                'Event' => array('fieldDescriptions')
-        );
-        foreach ($dataForView as $m => $variables) {
-            if ($m === 'Event') {
-                $currentModel = $this->Event;
-            } elseif ($m === 'Attribute') {
-                $currentModel = $this->Event->Attribute;
-            }
-            foreach ($variables as $variable) {
-                $this->set($variable, $currentModel->{$variable});
-            }
-        }
         $extensionParams = array(
             'conditions' => array(
                 'Event.extends_uuid' => $event['Event']['uuid']
diff --git a/app/Lib/cakephp b/app/Lib/cakephp
index 5ccb12354..59e12788f 160000
--- a/app/Lib/cakephp
+++ b/app/Lib/cakephp
@@ -1 +1 @@
-Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3
+Subproject commit 59e12788fc406ee66180f41e8a2840b841c6051a
diff --git a/app/Model/Server.php b/app/Model/Server.php
index 7fe9c54a9..a22b8e913 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -3226,7 +3226,7 @@ class Server extends AppModel
         foreach ($serverSettings as $branchKey => &$branchValue) {
             if (isset($branchValue['branch'])) {
                 foreach ($branchValue as $leafKey => &$leafValue) {
-                    if ($leafValue['level'] == 3 && !(isset($currentSettings[$branchKey][$leafKey]))) {
+                    if ($leafKey !== 'branch' && $leafValue['level'] == 3 && !(isset($currentSettings[$branchKey][$leafKey]))) {
                         continue;
                     }
                     $setting = null;
diff --git a/app/View/Elements/formInfo.ctp b/app/View/Elements/formInfo.ctp
index 01a87121b..c48083d4c 100644
--- a/app/View/Elements/formInfo.ctp
+++ b/app/View/Elements/formInfo.ctp
@@ -1 +1 @@
-<span id = "<?php echo $type?>InfoPopover" class="icon-info-sign" data-toggle="popover" data-field="<?php echo $type; ?>"></span>
+<span id="<?php echo $type?>InfoPopover" class="fas fa-info-circle" data-toggle="popover" data-field="<?php echo $type; ?>"></span>
diff --git a/app/View/Elements/genericElements/Form/formInfo.ctp b/app/View/Elements/genericElements/Form/formInfo.ctp
index 3a60e36e8..ff5dd8d40 100644
--- a/app/View/Elements/genericElements/Form/formInfo.ctp
+++ b/app/View/Elements/genericElements/Form/formInfo.ctp
@@ -17,12 +17,12 @@
         }
     }
     echo sprintf(
-        '<span id = "%sInfoPopover" class="icon-info-sign" data-toggle="popover" data-trigger="hover" style="margin-left:2px;"></span>',
+        ' <span id="%sInfoPopover" class="fas fa-info-circle" data-toggle="popover" data-trigger="hover"></span>',
         h($field['field'])
     );
 ?>
 <script type="text/javascript">
-    $(document).ready(function() {
+    $(function() {
         $('#<?php echo h($field['field']); ?>InfoPopover').popover({
             html: true,
             content: function() {
diff --git a/app/View/Users/admin_add.ctp b/app/View/Users/admin_add.ctp
index 0b91111b7..8d895ef26 100644
--- a/app/View/Users/admin_add.ctp
+++ b/app/View/Users/admin_add.ctp
@@ -37,7 +37,7 @@
                 $passwordPopover = '<span class=\"blue bold\">' . __('Length') . '</span>: ' . h($length) . '<br />';
                 $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') . '</span>: ' . h($complexity);
                 echo $this->Form->input('password', array(
-                    'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+                    'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
                 ));
                 echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
             ?>
diff --git a/app/View/Users/admin_edit.ctp b/app/View/Users/admin_edit.ctp
index e68adfa89..4c8eee788 100644
--- a/app/View/Users/admin_edit.ctp
+++ b/app/View/Users/admin_edit.ctp
@@ -37,7 +37,7 @@
                 $passwordPopover = '<span class=\"blue bold\">' . __('Length') .'</span>: ' . h($length) . '<br />';
                 $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') .'</span>: ' . h($complexity);
                 echo $this->Form->input('password', array(
-                    'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+                    'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
                 ));
                 echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
             ?>
diff --git a/app/View/Users/change_pw.ctp b/app/View/Users/change_pw.ctp
index cdfcc5b33..2d45d6eb1 100644
--- a/app/View/Users/change_pw.ctp
+++ b/app/View/Users/change_pw.ctp
@@ -6,7 +6,7 @@
         $passwordPopover = '<span class=\"blue bold\">Length</span>: ' . h($length) . '<br />';
         $passwordPopover .= '<span class=\"blue bold\">Complexity</span>: ' . h($complexity);
         echo $this->Form->input('password', array(
-            'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>', 'autofocus'
+            'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>', 'autofocus'
         ));
         echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
     ?>
diff --git a/app/View/Users/edit.ctp b/app/View/Users/edit.ctp
index fcb30b301..996abf3e1 100755
--- a/app/View/Users/edit.ctp
+++ b/app/View/Users/edit.ctp
@@ -10,7 +10,7 @@
         $passwordPopover = '<span class=\"blue bold\">' . __('Length') .'</span>: ' . h($length) . '<br />';
         $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') .'</span>: ' . h($complexity);
         echo $this->Form->input('password', array(
-            'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+            'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
         ));
         echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
     ?>
diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy
index dee9a5646..313003ed6 160000
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@@ -1 +1 @@
-Subproject commit dee9a564606ba92c50f13b53884bceaacf6c4522
+Subproject commit 313003ed655c1c3c06734e7ed3dbb514fa1047eb
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index a8518f721..c87850308 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -1834,7 +1834,6 @@ function popoverConfirm(clicked, message, placement) {
         popoverContent += '<button id="popoverConfirmOK" class="btn btn-primary" style="margin-right: 5px;" onclick=submitPopover(this)>Yes</button>';
         popoverContent += '<button class="btn btn-inverse" style="float: right;" onclick=cancelPrompt()>Cancel</button>';
     popoverContent += '</div>';
-    placement = placement === undefined ? 'auto' : placement;
     openPopover($clicked, popoverContent, undefined, placement);
     $("#popoverConfirmOK")
     .focus()
diff --git a/docs/INSTALL.ubuntu2004.md b/docs/INSTALL.ubuntu2004.md
index d002caa88..6d6bb3447 100644
--- a/docs/INSTALL.ubuntu2004.md
+++ b/docs/INSTALL.ubuntu2004.md
@@ -175,18 +175,18 @@ installCore () {
   # FIXME: Remove libfaup etc once the egg has the library baked-in
   sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
   cd /tmp
-  [[ ! -d "faup" ]] && $SUDO_CMD git clone git://github.com/stricaud/faup.git faup
-  [[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
+  false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone git://github.com/stricaud/faup.git faup; done
+  false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone git://github.com/stricaud/gtcaca.git gtcaca; done
   sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
   cd gtcaca
-  $SUDO_CMD mkdir -p build
+  ${SUDO_CMD} mkdir -p build
   cd build
-  $SUDO_CMD cmake .. && $SUDO_CMD make
+  ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
   sudo make install
   cd ../../faup
-  $SUDO_CMD mkdir -p build
+  ${SUDO_CMD} mkdir -p build
   cd build
-  $SUDO_CMD cmake .. && $SUDO_CMD make
+  ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
   sudo make install
   sudo ldconfig
 
diff --git a/docs/generic/globalVariables.md b/docs/generic/globalVariables.md
index 5a1265595..8a451317e 100644
--- a/docs/generic/globalVariables.md
+++ b/docs/generic/globalVariables.md
@@ -17,27 +17,33 @@ MISPvars () {
   # RHEL/CentOS
   if [[ -f "/etc/redhat-release" ]]; then
     WWW_USER='apache'
+    SUDO_WWW="sudo -H -u ${WWW_USER} "
   # Debian flavoured
   elif [[ -f "/etc/debian_version" ]]; then
     WWW_USER="www-data"
+    SUDO_WWW="sudo -H -u ${WWW_USER} "
   # OpenBSD
   elif [[ "$(uname -s)" == "OpenBSD" ]]; then
     WWW_USER="www"
     PATH_TO_MISP="/var/www/htdocs/MISP"
+    SUDO_WWW="doas -u www "
+    SUDO_CMD="doas "
   # NetBSD
   elif [[ "$(uname -s)" == "NetBSD" ]]; then
     WWW_USER="www"
     PATH_TO_MISP="/usr/pkg/share/httpd/htdocs/MISP"
+    SUDO_WWW="sudo -H -u ${WWW_USER} "
   else
     # I am feeling lucky
     WWW_USER="www-data"
+    SUDO_WWW="sudo -H -u ${WWW_USER} "
   fi
 
-  if [ -z "$FQDN" ]; then
+  if [ -z "${FQDN}" ]; then
     FQDN="misp.local"
   fi
 
-  if [ -z "$MISP_BASEURL" ]; then
+  if [ -z "${MISP_BASEURL}" ]; then
     MISP_BASEURL='""'
   fi
 
@@ -52,13 +58,13 @@ MISPvars () {
   DBPASSWORD_MISP="$(openssl rand -hex 32)"
 
   # OpenSSL configuration
-  OPENSSL_CN=$FQDN
+  OPENSSL_CN=${FQDN}
   OPENSSL_C='LU'
   OPENSSL_ST='State'
   OPENSSL_L='Location'
   OPENSSL_O='Organization'
   OPENSSL_OU='Organizational Unit'
-  OPENSSL_EMAILADDRESS="info@$FQDN"
+  OPENSSL_EMAILADDRESS="info@${FQDN}"
 
   # GPG configuration
   GPG_REAL_NAME='Autogenerated Key'
@@ -81,7 +87,7 @@ MISPvars () {
   max_execution_time=300
   memory_limit=2048M
 
-  CAKE="$PATH_TO_MISP/app/Console/cake"
+  CAKE="${PATH_TO_MISP}/app/Console/cake"
 
   # sudo config to run $LUSER commands
   if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
@@ -89,8 +95,7 @@ MISPvars () {
   else
     SUDO_CMD="sudo -H -u ${MISP_USER}"
   fi
-  SUDO_WWW="sudo -H -u ${WWW_USER} "
-
+  
   echo "The following DB Passwords were generated..."
   echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
   echo "User  (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
diff --git a/docs/generic/mail_to_misp-debian.md b/docs/generic/mail_to_misp-debian.md
index f18b473e8..968fb8975 100644
--- a/docs/generic/mail_to_misp-debian.md
+++ b/docs/generic/mail_to_misp-debian.md
@@ -8,9 +8,9 @@ mail2misp () {
   debug "Installing Mail2${LBLUE}MISP${NC}"
   cd /usr/local/src/
   sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
-  $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git
-  [[ ! -d "faup" ]] && $SUDO_CMD git clone git://github.com/stricaud/faup.git faup
-  [[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git; done
+  [[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
+  [[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
   sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
   cd gtcaca
   $SUDO_CMD mkdir -p build
diff --git a/docs/generic/misp-dashboard-centos.md b/docs/generic/misp-dashboard-centos.md
index e2dcfebd3..c53871fcd 100644
--- a/docs/generic/misp-dashboard-centos.md
+++ b/docs/generic/misp-dashboard-centos.md
@@ -14,7 +14,7 @@ mispDashboard () {
   sudo yum install wget screen -y
   sudo mkdir /var/www/misp-dashboard
   sudo chown $WWW_USER:$WWW_USER /var/www/misp-dashboard
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard; done
   cd /var/www/misp-dashboard
   sudo sed -i -E 's/sudo apt/#sudo apt/' install_dependencies.sh
   sudo sed -i -E 's/virtualenv -p python3 DASHENV/\/usr\/bin\/scl enable rh-python36 \"virtualenv -p python3 DASHENV\"/' install_dependencies.sh
diff --git a/docs/generic/misp-dashboard-debian.md b/docs/generic/misp-dashboard-debian.md
index 38eb8c93f..0e2928f16 100644
--- a/docs/generic/misp-dashboard-debian.md
+++ b/docs/generic/misp-dashboard-debian.md
@@ -16,7 +16,7 @@ mispDashboard () {
   sudo mkdir misp-dashboard
   sudo chown $WWW_USER:$WWW_USER misp-dashboard
 
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git; done
   cd misp-dashboard
   sudo -H /var/www/misp-dashboard/install_dependencies.sh
   sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
diff --git a/docs/generic/misp-modules-centos.md b/docs/generic/misp-modules-centos.md
index 554b4c250..4a39a1ccc 100644
--- a/docs/generic/misp-modules-centos.md
+++ b/docs/generic/misp-modules-centos.md
@@ -8,7 +8,7 @@ mispmodulesRHEL () {
   sudo chmod 2777 /usr/local/src
   sudo chown root:users /usr/local/src
   cd /usr/local/src/
-  $SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-modules.git; done
   cd misp-modules
   # pip install
   $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U -I -r REQUIREMENTS
diff --git a/docs/generic/misp-modules-debian.md b/docs/generic/misp-modules-debian.md
index 9aca73b19..3ecbf4046 100644
--- a/docs/generic/misp-modules-debian.md
+++ b/docs/generic/misp-modules-debian.md
@@ -8,9 +8,9 @@ mispmodules () {
   sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
   ## TODO: checkUsrLocalSrc in main doc
   debug "Cloning misp-modules"
-  $SUDO_CMD git clone https://github.com/MISP/misp-modules.git
-  $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git
-  $SUDO_CMD git clone git://github.com/stricaud/faup.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/misp-modules.git; done
+  [[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
+  [[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
   sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
   # Install gtcaca
   cd gtcaca
diff --git a/docs/generic/viper-debian.md b/docs/generic/viper-debian.md
index ff7be239c..09cae71dc 100644
--- a/docs/generic/viper-debian.md
+++ b/docs/generic/viper-debian.md
@@ -18,8 +18,8 @@ viper () {
     fi
   fi
   echo "Cloning Viper"
-  $SUDO_CMD git clone https://github.com/viper-framework/viper.git
-  $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper.git; done
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git; done
   sudo chown -R $MISP_USER:$MISP_USER viper
   sudo chown -R $MISP_USER:$MISP_USER viper-web
   cd viper
diff --git a/docs/xINSTALL.NetBSD.md b/docs/xINSTALL.NetBSD.md
index ee98fcc5e..12a52cb5e 100644
--- a/docs/xINSTALL.NetBSD.md
+++ b/docs/xINSTALL.NetBSD.md
@@ -1,5 +1,5 @@
 # INSTALLATION INSTRUCTIONS
-## for NetBSD 8.1-amd64
+## for NetBSD 9.0-amd64
 
 !!! warning
     This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
@@ -33,7 +33,9 @@ export AUTOCONF_VERSION=2.69
 
 #### sudo & pkgin (as root)
 ```bash
-su root -c "pkgin install sudo gsed"
+su root -c "cd /usr/pkgsrc/pkg tools/pkgin/; make install clean"
+su root -c "pkgin update"
+su root -c "pkgin -y install sudo gsed"
 su root -c 'gsed -i -e "s/# %wheel ALL=(ALL) NOPASSWD: ALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /usr/pkg/etc/sudoers'
 ```
 
@@ -41,10 +43,11 @@ su root -c 'gsed -i -e "s/# %wheel ALL=(ALL) NOPASSWD: ALL/%wheel ALL=(ALL) NOPA
 
 ```bash
 cd /usr
-env CVS_RSH=ssh sudo cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
+env CVS_RSH=ssh cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
 cd pkgsrc/bootstrap
-sudo ./bootstrap
-sudo /usr/pkg/sbin/pkg_admin -K /var/db/pkg fetch-pkg-vulnerabilities
+./bootstrap
+cd /usr/pkgsrc/pkg tools/pkgin/; make install clean
+/usr/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities
 ```
 
 ```
@@ -61,56 +64,56 @@ users crontab(5) entry. For example the entry
 
 #### Install bash
 ```bash
-sudo pkgin install bash
+sudo pkgin -y install bash
 ```
 
 #### mariadb server
 ```bash
-sudo pkgin install mariadb-server 
+sudo pkgin -y install mysql-server 
 ```
 
 #### Install misc dependencies
 
 ```bash
-sudo pkgin install curl git python36 py36-pip redis autoconf automake libtool magic
+sudo pkgin -y install curl git python37 py37-pip redis autoconf automake libtool magic
 ```
 
 ```bash
-sudo pkgin install gnupg2
+sudo pkgin -y install gnupg2
 ```
 
 #### Install postfix (optional)
 
 ```bash
-sudo pkgin install postfix
+sudo pkgin -y install postfix
 ```
 
 #### vim (optional)
 ```bash
-sudo pkgin install vim
+sudo pkgin -y install vim
 sudo mv /usr/bin/vi /usr/bin/vi-`date +%d%m%y`
 sudo ln -s /usr/pkg/bin/vim /usr/bin/vi
 ```
 
-#### misp user #REMOVE
-```bash
-sudo useradd -m -s /usr/local/bin/bash -G wheel,www misp
-```
-
 #### apache + php + moz-rootcerts
 
 ```bash
-sudo pkgin install php ap24-php73 php73-fpm php73-redis3 php73-mysqli php73-pdo_mysql php73-pcntl php73-json php73-iconv php73-gd php73-mbstring php73-pear-Crypt_GPG
+sudo pkgin -y install php ap24-php74 php74-fpm php74-redis3 php74-mysqli php74-pdo_mysql php74-pcntl php74-json php74-iconv php74-gd php74-mbstring php74-pear-Crypt_GPG
 sudo cp /usr/share/examples/openssl/openssl.cnf /etc/openssl/
 sudo mozilla-rootcerts install
 sudo cp /usr/pkg/share/examples/rc.d/apache /etc/rc.d/
 echo apache=yes |sudo tee /etc/rc.conf.d/apache
 ```
 
+#### misp user
+```bash
+sudo useradd -m -s /usr/pkg/bin/bash -G wheel,www misp
+```
+
 #### Install X11R7 post-install
 ```bash
 cd /tmp
-wget https://ftp.netbsd.org/pub/NetBSD/NetBSD-8.1/amd64/binary/sets/xbase.tgz
+wget https://ftp.netbsd.org/pub/NetBSD/NetBSD-9.0/amd64/binary/sets/xbase.tgz
 sudo tar -C / -xzphf xbase.tgz
 rm xbase.tgz
 ```
@@ -129,16 +132,16 @@ OPENSSL_EMAILADDRESS='info@localhost'
 ```
 
 ```bash
-sudo openssl req -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/openssl/private/server.key -out /usr/pkg/etc/httpd/server.crt
+sudo openssl req -sha256 -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/openssl/private/server.key -out /usr/pkg/etc/httpd/server.crt
 ```
 
 #### Install Python virtualenv
 ```bash
-sudo ln -sf /usr/pkg/bin/pip3.6 /usr/pkg/bin/pip
-sudo ln -s /usr/pkg/bin/python3.6 /usr/pkg/bin/python
-sudo ln -s /usr/pkg/bin/python3.6 /usr/pkg/bin/python3
-sudo pkgin install py36-virtualenv
-sudo ln -s /usr/pkg/bin/virtualenv-3.6 /usr/pkg/bin/virtualenv
+sudo ln -sf /usr/pkg/bin/pip3.7 /usr/pkg/bin/pip
+sudo ln -s /usr/pkg/bin/python3.7 /usr/pkg/bin/python
+sudo ln -s /usr/pkg/bin/python3.7 /usr/pkg/bin/python3
+sudo pkgin -y install py37-virtualenv
+sudo ln -s /usr/pkg/bin/virtualenv-3.7 /usr/pkg/bin/virtualenv
 ```
 
 #### Install ssdeep
@@ -146,11 +149,11 @@ sudo ln -s /usr/pkg/bin/virtualenv-3.6 /usr/pkg/bin/virtualenv
 sudo mkdir -p /usr/local/src
 sudo chown misp:users /usr/local/src
 cd /usr/local/src
-git clone https://github.com/ssdeep-project/ssdeep.git
+sudo -u misp git clone https://github.com/ssdeep-project/ssdeep.git
 cd ssdeep
-./bootstrap
-./configure --prefix=/usr
-make
+sudo -u misp ./bootstrap
+sudo -u misp ./configure --prefix=/usr
+sudo -u misp make
 sudo make install
 ```
 
@@ -167,10 +170,8 @@ sudo /etc/rc.d/redis start
 
 #### Enable mysqld
 ```bash
-sudo /usr/pkg/bin/mysql_install_db
 sudo cp /usr/pkg/share/examples/rc.d/mysqld /etc/rc.d/
 echo mysqld=yes |sudo tee /etc/rc.conf.d/mysqld
-sudo chown -R mariadb:mariadb /var/mariadb
 sudo /etc/rc.d/mysqld start
 sudo /usr/pkg/bin/mysql_secure_installation
 # TODO: Figure out how to properly bind to localhost
@@ -186,15 +187,15 @@ sudo mkdir $PATH_TO_MISP
 sudo chown www:www $PATH_TO_MISP
 cd $PATH_TO_MISP
 sudo -u www git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
-sudo -u www git submodule update --init --recursive
+sudo -u www git submodule update --progress --init --recursive
 # Make git ignore filesystem permission differences for submodules
 sudo -u www git submodule foreach --recursive git config core.filemode false
 
 # Make git ignore filesystem permission differences
 sudo -u www git config core.filemode false
 
-#sudo pkgin install py-pip py3-pip libxslt py3-jsonschema
-sudo pkgin install libxslt
+#sudo pkgin -y install py-pip py3-pip libxslt py3-jsonschema
+sudo pkgin -y install libxslt
 #sudo virtualenv -ppython3 /usr/local/virtualenvs/MISP
 sudo -u www virtualenv -ppython3 $PATH_TO_MISP/venv
 sudo -u www HOME=/tmp $PATH_TO_MISP/venv/bin/pip install -U pip
@@ -462,7 +463,7 @@ sudo -u www bash $PATH_TO_MISP/app/Console/worker/start.sh
 #### MISP Modules
 ```
 #/usr/pkgsrc/graphics/opencv2/ (needs X11)
-sudo pkgin install jpeg yara
+sudo pkgin -y install jpeg yara
 cd /usr/local/src/
 git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
@@ -645,7 +646,7 @@ sudo -u www $CAKE Admin setSetting "Session.cookie_timeout" 3600
 
 #### ZeroMQ depends on the Python client for Redis
 ```bash
-sudo pkgin install zeromq
+sudo pkgin -y install zeromq
 sudo -u www HOME=/tmp $PATH_TO_MISP/venv/bin/pip install pyzmq
 ```
 
diff --git a/docs/xINSTALL.OpenBSD.md b/docs/xINSTALL.OpenBSD.md
index 182aa5575..ee21e007b 100644
--- a/docs/xINSTALL.OpenBSD.md
+++ b/docs/xINSTALL.OpenBSD.md
@@ -1,5 +1,5 @@
 # INSTALLATION INSTRUCTIONS
-## for OpenBSD 6.5-amd64
+## for OpenBSD 6.7-amd64
 
 !!! warning
     This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
@@ -85,29 +85,19 @@ doas pkg_add -v mariadb-server
 
 #### Install misc dependencies
 
-!!! notice
-    You need to install python 3.x when asked, option 2.
-    autoconf wants to be version 2.69, option 16
-    automake wants to be version 1.16, option 7
-
 ```bash
-doas pkg_add -v curl git python redis libmagic autoconf automake libtool unzip
+doas pkg_add -v curl git python--%3.7 redis libmagic autoconf--%2.69 automake--%1.16 libtool unzip--iconv
 ```
 
-!!! notice
-    GnuPG 2.x is best, option 3.
-
 ```bash
-doas pkg_add -v gnupg
+doas pkg_add -v gnupg--%gnupg2
 doas ln -s /usr/local/bin/gpg2 /usr/local/bin/gpg
 ```
 
 #### Install postfix (optional)
-!!! notice
-    When asked, the standard postfix will be enough for a basic setup, option 9.
 
 ```bash
-doas pkg_add -v postfix
+doas pkg_add -v postfix--%stable
 doas /usr/local/sbin/postfix-enable 
 ```
 
@@ -146,21 +136,17 @@ doas cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config
 ```
 
 ```
-# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
+# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
 
 #
 # Macros
 #
-ext4_addr="*"
-ext6_addr="::"
+ext_addr="*"
 
 server "default" {
         #listen on $ext4_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
-        listen on $ext4_addr port 80
-        listen on $ext4_addr tls port 443
-        #listen on $ext6_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
-        listen on $ext6_addr port 80
-        listen on $ext6_addr tls port 443
+        listen on $ext_addr port 80
+        listen on $ext_addr tls port 443
 
         root "/htdocs/MISP/app/webroot"
 
@@ -242,11 +228,11 @@ doas rcctl enable httpd
 
 #### Install Python virtualenv
 ```bash
-doas ln -sf /usr/local/bin/pip3.6 /usr/local/bin/pip
-doas ln -s /usr/local/bin/python3.6 /usr/local/bin/python
-doas pkg_add -v py-virtualenv
+doas pkg_add -v py3-virtualenv py3-pip
+doas ln -sf /usr/local/bin/pip3.7 /usr/local/bin/pip
+doas ln -s /usr/local/bin/python3.7 /usr/local/bin/python
 doas mkdir /usr/local/virtualenvs
-doas virtualenv -ppython3 /usr/local/virtualenvs/MISP
+doas virtualenv-3 /usr/local/virtualenvs/MISP
 ```
 
 #### Install ssdeep
@@ -264,44 +250,42 @@ doas pkg_add -v fcgi-cgi fcgi
 !!! notice
     php-5.6 is marked as end-of-life starting December 2018, use php 7.0 instead.
     Option 2.
-    If on OpenBSD 6.3, upgrade to 6.5 to make your life much easier.
+    If on OpenBSD 6.3, upgrade to 6.7 to make your life much easier.
 
 ```
-doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl73-redis php-gd
+doas pkg_add -v php-mysqli--%7.4 php-pcntl--%7.4 php-pdo_mysql--%7.4 php-apache--%7.4 pecl74-redis php-gd--%7.4
 ```
 
-#### /etc/php-7.3.ini 
+#### /etc/php-7.4.ini 
 ```
-## TODO: sed foo as .ini exists
-allow_url_fopen = On
+doas sed -i "s/^allow_url_fopen = Off/allow_url_fopen = On/g" /etc/php-7.4.ini
 ```
 
 ```bash
-cd /etc/php-7.3
-doas cp ../php-7.3.sample/* .
+cd /etc/php-7.4
+doas cp ../php-7.4.sample/* .
 ```
 
 #### php symlinks
 ```bash
-doas ln -s /usr/local/bin/php-7.3 /usr/local/bin/php
-doas ln -s /usr/local/bin/phpize-7.3 /usr/local/bin/phpize
-doas ln -s /usr/local/bin/php-config-7.3 /usr/local/bin/php-config
+doas ln -s /usr/local/bin/php-7.4 /usr/local/bin/php
+doas ln -s /usr/local/bin/phpize-7.4 /usr/local/bin/phpize
+doas ln -s /usr/local/bin/php-config-7.4 /usr/local/bin/php-config
 ```
 
 #### Enable php fpm 
 ```bash
-doas rcctl enable php73_fpm
+doas rcctl enable php74_fpm
 ```
 
 #### Configure fpm
 ```
 doas vi /etc/php-fpm.conf
 
-# pid = /var/www/run/php-fpm.pid
-# error_log = /var/www/logs/php-fpm.log
+doas sed -i "s/^;pid = run\/php-fpm.pid/pid = \/var\/www\/run\/php-fpm.pid/g" /etc/php-fpm.conf
+doas sed -i "s/^;error_log = log\/php-fpm.log/error_log = \/var\/www\/logs\/php-fpm.log/g" /etc/php-fpm.conf
 
-doas mkdir /etc/php-fpm.d
-doas vi /etc/php-fpm.d/default.conf
+doas mkdir -p /etc/php-fpm.d
 echo ";;;;;;;;;;;;;;;;;;;;
 ; Pool Definitions ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -320,7 +304,7 @@ pm.min_spare_servers = 1
 pm.max_spare_servers = 3
 chroot = /var/www" | doas tee /etc/php-fpm.d/default.conf
 
-doas /etc/rc.d/php73_fpm start 
+doas /etc/rc.d/php74_fpm start 
 ```
 
 !!! notice
@@ -339,6 +323,7 @@ doas /usr/local/bin/mysql_install_db
 doas rcctl set mysqld status on
 doas rcctl set mysqld flags --bind-address=127.0.0.1
 doas /etc/rc.d/mysqld start
+echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
 doas mysql_secure_installation
 ```
 
@@ -349,22 +334,22 @@ doas mysql_secure_installation
 doas mkdir /var/www/htdocs/MISP
 doas chown www:www /var/www/htdocs/MISP
 cd /var/www/htdocs/MISP
-doas -u www git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP
-doas -u www git submodule update --init --recursive
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP; done
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git submodule update --progress --init --recursive; done
 # Make git ignore filesystem permission differences for submodules
-doas -u www git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 
 # Make git ignore filesystem permission differences
-doas -u www git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 
-doas pkg_add py-pip py3-pip libxml libxslt py3-jsonschema
+doas pkg_add -v py3-pip libxml libxslt py3-jsonschema
 doas /usr/local/virtualenvs/MISP/bin/pip install -U pip
 
 cd /var/www/htdocs/MISP/app/files/scripts
-doas -u www git clone https://github.com/CybOXProject/mixbox.git
-doas -u www git clone https://github.com/CybOXProject/python-cybox.git
-doas -u www git clone https://github.com/STIXProject/python-stix.git
-doas -u www git clone https://github.com/MAECProject/python-maec.git
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git; done
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git; done
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git; done
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git; done
 
 cd /var/www/htdocs/MISP/app/files/scripts/python-cybox
 doas /usr/local/virtualenvs/MISP/bin/python setup.py install
@@ -399,15 +384,10 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/kbandla/
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
 cd /var/www/htdocs/MISP/app
 doas mkdir /var/www/.composer ; doas chown www:www /var/www/.composer
-#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-#doas -u www php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#doas -u www php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#doas -u www env HOME=/var/www php composer-setup.php
-#doas -u www php -r "unlink('composer-setup.php');"
-doas -u www env HOME=/var/www php composer.phar install
+${SUDO_WWW} env HOME=/var/www php composer.phar install
 
 # To use the scheduler worker for scheduled tasks, do the following:
-doas -u www cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
 ```
 
 ### 4/ Set the permissions
@@ -429,8 +409,11 @@ doas mysql -u root -p
 ```
 
 ```
+echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
+echo "User  (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
+
 MariaDB [(none)]> create database misp;
-MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
+MariaDB [(none)]> grant usage on *.* to misp@localhost identified by '${DBPASSWORD_MISP}';
 MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
 MariaDB [(none)]> flush privileges;
 MariaDB [(none)]> exit
@@ -438,7 +421,7 @@ MariaDB [(none)]> exit
 
 ```bash
 # Import the empty MISP database from MYSQL.sql
-doas -u www sh -c "mysql -u misp -p misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
+${SUDO_WWW} sh -c "mysql -u misp -p${DBPASSWORD_MISP} misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
 # enter the password you set previously
 ```
 
@@ -525,7 +508,7 @@ DirectoryIndex index.php
 ```
 
 ```bash
-doas ln -sf /var/www/conf/modules.sample/php-7.3.conf /var/www/conf/modules/php.conf
+doas ln -sf /var/www/conf/modules.sample/php-7.4.conf /var/www/conf/modules/php.conf
 # Restart apache
 doas /etc/rc.d/apache2 restart
 ``` 
@@ -539,13 +522,13 @@ doas /etc/rc.d/apache2 restart
 ---------------------
 ``` 
 # There are 4 sample configuration files in /var/www/htdocs/MISP/app/Config that need to be copied
-doas -u www cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
 
 # Configure the fields in the newly created files:
-doas -u www vi /var/www/htdocs/MISP/app/Config/database.php
+${SUDO_WWW} vi /var/www/htdocs/MISP/app/Config/database.php
 ``` 
 ``` 
 # DATABASE_CONFIG has to be filled
@@ -574,7 +557,7 @@ doas -u www vi /var/www/htdocs/MISP/app/Config/database.php
 
 ``` 
 # Change base url in config.php
-doas -u www vi /var/www/htdocs/MISP/app/Config/config.php
+${SUDO_WWW} vi /var/www/htdocs/MISP/app/Config/config.php
 # example: 'baseurl' => 'https://<your.FQDN.here>',
 # alternatively, you can leave this field empty if you would like to use relative pathing in MISP
 # 'baseurl' => '',
@@ -601,7 +584,7 @@ echo "%echo Generating a default key
     # Do a commit here, so that we can later print "done"
     %commit
 %echo done" > /tmp/gen-key-script
-doas -u www mkdir /var/www/htdocs/MISP/.gnupg
+${SUDO_WWW} mkdir /var/www/htdocs/MISP/.gnupg
 doas chmod 700 /var/www/htdocs/MISP/.gnupg
 doas gpg2 --homedir /var/www/htdocs/MISP/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
@@ -613,7 +596,7 @@ doas sh -c "gpg2 --homedir /var/www/htdocs/MISP/.gnupg --export --armor $GPG_EMA
 doas chmod +x /var/www/htdocs/MISP/app/Console/worker/start.sh
 doas vi /etc/rc.local
 # Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
-doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
+${SUDO_WWW} bash /var/www/htdocs/MISP/app/Console/worker/start.sh
 ``` 
 
 {!generic/INSTALL.done.md!}
@@ -623,7 +606,9 @@ doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
 #### MISP Modules
 ```
 doas pkg_add -v jpeg yara
+mkdir -p /usr/local/src/
 cd /usr/local/src/
+doas chown ${MISP_USER} /usr/local/src
 doas -u misp git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip3 install
@@ -633,8 +618,8 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/VirusTot
 doas /usr/local/virtualenvs/MISP/bin/pip install wand
 ##doas gem install pygments.rb
 ##doas gem install asciidoctor-pdf --pre
-doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &
-echo "doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &" |doas tee -a /etc/rc.local
+${SUDO_WWW} /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &
+echo "${SUDO_WWW} /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &" |doas tee -a /etc/rc.local
 ```
 
 !!! notice
@@ -652,7 +637,11 @@ echo "doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &"
 
 ```bash
 doas $CAKE Live $MISP_LIVE
-AUTH_KEY=$(mysql -u misp -p misp -e "SELECT authkey FROM users;" | tail -1)
+AUTH_KEY=$(mysql -u misp -p${DBPASSWORD_MISP} misp -e "SELECT authkey FROM users;" | tail -1)
+$CAKE userInit -q
+$CAKE Admin runUpdates
+$CAKE Admin setSetting "MISP.python_bin" "/usr/local/virtualenvs/MISP/bin/python"
+
 # Update the galaxies…
 doas $CAKE Admin updateGalaxies
 
@@ -663,12 +652,10 @@ doas $CAKE Admin updateTaxonomies
 doas $CAKE Admin updateWarningLists
 
 # Updating the notice lists…
-## doas $CAKE Admin updateNoticeLists
-curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
+doas $CAKE Admin updateNoticeLists
 
 # Updating the object templates…
-##doas $CAKE Admin updateObjectTemplates
-curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
+doas $CAKE Admin updateObjectTemplates "1337"
 
 # Tune global time outs
 doas $CAKE Admin setSetting "Session.autoRegenerate" 0
@@ -677,7 +664,7 @@ doas $CAKE Admin setSetting "Session.cookie_timeout" 3600
 
 # Enable GnuPG
 doas $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
-doas $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
+doas $CAKE Admin setSetting "GnuPG.homedir" "${PATH_TO_MISP}/.gnupg"
 doas $CAKE Admin setSetting "GnuPG.password" "Password1234"
 
 # Enable Enrichment set better timeouts
@@ -852,7 +839,7 @@ doas /usr/local/virtualenvs/MISP/bin/pip install pyzmq
 cd /var/www
 doas mkdir misp-dashboard
 doas chown www:www misp-dashboard
-doas -u www git clone https://github.com/MISP/misp-dashboard.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git
 cd misp-dashboard
 #/!\ Made on Linux, the next script will fail
 #doas /var/www/misp-dashboard/install_dependencies.sh
@@ -860,7 +847,7 @@ doas virtualenv -ppython3 /usr/local/virtualenvs/DASHENV
 doas /usr/local/virtualenvs/DASHENV/bin/pip install -U pip argparse redis zmq geoip2 flask phonenumbers pycountry
 
 doas sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
-doas sed -i -e '$i \doas -u www bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
+doas sed -i -e '$i \${SUDO_WWW} bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
 #/!\ Add port 8001 as a listener
 #doas sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
 doas pkg_add -v ap2-mod_wsgi
@@ -906,7 +893,7 @@ echo "<VirtualHost *:8001>
 doas ln -s /etc/apache2/sites-available/misp-dashboard.conf /etc/apache2/sites-enabled/misp-dashboard.conf
 ```
 
-Add this to /etc/httpd2.conf
+Add this to /etc/httpd.conf
 ```
 LoadModule wsgi_module /usr/local/lib/apache2/mod_wsgi.so
 Listen 8001
diff --git a/docs/xINSTALL.centos6.md b/docs/xINSTALL.centos6.md
index 85b0285cf..1fc9f1bff 100644
--- a/docs/xINSTALL.centos6.md
+++ b/docs/xINSTALL.centos6.md
@@ -129,62 +129,62 @@ sudo service redis start
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
-sudo chown apache:apache $PATH_TO_MISP
+sudo mkdir ${PATH_TO_MISP}
+sudo chown apache:apache ${PATH_TO_MISP}
 cd /var/www
-$SUDO_WWW git clone https://github.com/MISP/MISP.git
-cd $PATH_TO_MISP
-##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git
+cd ${PATH_TO_MISP}
+##${SUDO_WWW} git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
 # (you only have to create a new branch, if you want to change stuff and do a pull request for example)
 
 # Fetch submodules
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 
 # Create a python3 virtualenv
-$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
+${SUDO_WWW} $RUN_PYTHON "virtualenv -p python3 ${PATH_TO_MISP}/venv"
 sudo mkdir /var/www/.cache
 sudo chown apache:apache /var/www/.cache
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U pip setuptools
 
 # install Mitre's STIX and its dependencies by running the following commands:
 sudo yum install python-importlib python-lxml python-dateutil python-six -y
-cd $PATH_TO_MISP/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
 UMASK=$(umask)
 umask 0022
-cd $PATH_TO_MISP/app/files/scripts/python-stix
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install maec
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U maec
 
 # install zmq
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U zmq
 
 # install redis
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U redis
 
 # lief needs manual compilation
 sudo yum install devtoolset-7 cmake3 -y
 
 sudo yum install http://opensource.wandisco.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm
 sudo yum install git -y
-cd $PATH_TO_MISP/app/files/scripts
-$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
+cd ${PATH_TO_MISP}/app/files/scripts
+${SUDO_WWW} git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
 
 # TODO: Fix static path with PATH_TO_MISP
-cd $PATH_TO_MISP/app/files/scripts/lief
-$SUDO_WWW mkdir build
+cd ${PATH_TO_MISP}/app/files/scripts/lief
+${SUDO_WWW} mkdir build
 cd build
-$SUDO_WWW scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
+${SUDO_WWW} scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
 -DLIEF_PYTHON_API=on \
 -DLIEF_DOC=off \
 -DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
@@ -192,30 +192,30 @@ $SUDO_WWW scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
 -DPYTHON_VERSION=3.6 \
 -DPYTHON_EXECUTABLE=/var/www/MISP/venv/bin/python \
 .."'
-$SUDO_WWW make -j3
+${SUDO_WWW} make -j3
 sudo make install
 cd api/python/lief_pybind11-prefix/src/lief_pybind11
-$SUDO_WWW $PATH_TO_MISP/venv/bin/python setup.py install
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/python setup.py install
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 
 # install magic, pydeep
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U python-magic
 ## pydeep does not compile ):
 ## git+https://github.com/kbandla/pydeep.git
 
 # install mixbox to accommodate the new STIX dependencies:
-cd $PATH_TO_MISP/app/files/scripts/
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install STIX2.0 library to support STIX 2.0 export:
-cd $PATH_TO_MISP/cti-python-stix2
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/cti-python-stix2
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/PyMISP
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 # BROKEN: This needs to be tested on RHEL/CentOS
@@ -254,17 +254,17 @@ sudo service rh-php70-php-fpm restart
 #### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
 #### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
 ```bash
-sudo chown -R apache:apache $PATH_TO_MISP
+sudo chown -R apache:apache ${PATH_TO_MISP}
 sudo mkdir /var/www/.composer/
 sudo chown apache:apache /var/www/.composer/
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Update composer.phar (optional)
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW $RUN_PHP "php composer-setup.php"
-#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
-$SUDO_WWW $RUN_PHP "php composer.phar install"
+#${SUDO_WWW} $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} $RUN_PHP "php composer-setup.php"
+#${SUDO_WWW} $RUN_PHP -- php -r "unlink('composer-setup.php');"
+${SUDO_WWW} $RUN_PHP "php composer.phar install"
 
 sudo yum install php-redis -y
 sudo service rh-php70-php-fpm restart
@@ -284,30 +284,30 @@ do
 done
 sudo service rh-php70-php-fpm restart
 # To use the scheduler worker for scheduled tasks, do the following:
-sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 
 ### 5/ Set the permissions
 ----------------------
 ```bash
 # Make sure the permissions are set correctly using the following commands as root:
-sudo chown -R apache:apache $PATH_TO_MISP
-sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
-sudo chmod -R g+r,o= $PATH_TO_MISP
-sudo chmod -R 750 $PATH_TO_MISP
-sudo chmod -R g+xws $PATH_TO_MISP/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
-sudo chmod -R g+rw $PATH_TO_MISP/venv
-sudo chmod -R g+rw $PATH_TO_MISP/.git
-sudo chown apache:apache $PATH_TO_MISP/app/files
-sudo chown apache:apache $PATH_TO_MISP/app/files/terms
-sudo chown apache:apache $PATH_TO_MISP/app/files/scripts/tmp
-sudo chown apache:apache $PATH_TO_MISP/app/Plugin/CakeResque/tmp
-sudo chown -R apache:apache $PATH_TO_MISP/app/Config
-sudo chown -R apache:apache $PATH_TO_MISP/app/tmp
-sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/orgs
-sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/custom
+sudo chown -R apache:apache ${PATH_TO_MISP}
+sudo find ${PATH_TO_MISP} -type d -exec chmod g=rx {} \;
+sudo chmod -R g+r,o= ${PATH_TO_MISP}
+sudo chmod -R 750 ${PATH_TO_MISP}
+sudo chmod -R g+xws ${PATH_TO_MISP}/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
+sudo chmod -R g+rw ${PATH_TO_MISP}/venv
+sudo chmod -R g+rw ${PATH_TO_MISP}/.git
+sudo chown apache:apache ${PATH_TO_MISP}/app/files
+sudo chown apache:apache ${PATH_TO_MISP}/app/files/terms
+sudo chown apache:apache ${PATH_TO_MISP}/app/files/scripts/tmp
+sudo chown apache:apache ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/Config
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/tmp
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/orgs
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/custom
 ```
 
 ### 6/ Create a database and user
@@ -378,7 +378,7 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 
 #### Import the empty MySQL database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 
 
@@ -394,10 +394,10 @@ $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSW
     If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
 
 ```bash
-# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
-# A sample vhost can be found in $PATH_TO_MISP/INSTALL/old/apache.misp.centos6
+# Now configure your apache server with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
+# A sample vhost can be found in ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6
 
-sudo cp $PATH_TO_MISP/INSTALL/old/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
 
 # Allow httpd to connect to the redis server and php-fpm over tcp/ip
 sudo setsebool -P httpd_can_network_connect on
@@ -427,20 +427,20 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
 
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 
 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
-sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
-sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
+sudo semanage fcontext -a -t httpd_log_t "${PATH_TO_MISP}/app/tmp/logs(/.*)?"
+sudo chcon -R -t httpd_log_t ${PATH_TO_MISP}/app/tmp/logs
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp/logs
 
 # Allow logrotate to read /var/www
-sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
+sudo checkmodule -M -m -o /tmp/misplogrotate.mod ${PATH_TO_MISP}/INSTALL/misplogrotate.te
 sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
 sudo semodule -i /tmp/misplogrotate.pp
 ```
@@ -448,11 +448,11 @@ sudo semodule -i /tmp/misplogrotate.pp
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 
 echo "<?php
 class DATABASE_CONFIG {
@@ -469,7 +469,7 @@ class DATABASE_CONFIG {
                 'prefix' => '',
                 'encoding' => 'utf8',
         );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 
 # Configure the fields in the newly created files:
 # config.php   : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
@@ -491,14 +491,14 @@ class DATABASE_CONFIG {
 #   );
 #}
 
-# Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php
+# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
 # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
 # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
 # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
 
 # If you want to be able to change configuration parameters from the webinterface:
-sudo chown apache:apache $PATH_TO_MISP/app/Config/config.php
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
+sudo chown apache:apache ${PATH_TO_MISP}/app/Config/config.php
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config/config.php
 
 # Generate a GPG encryption key.
 cat >/tmp/gen-key-script <<EOF
@@ -516,17 +516,17 @@ cat >/tmp/gen-key-script <<EOF
     %echo done
 EOF
 
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 sudo rm -f /tmp/gen-key-script
-sudo chown -R apache:apache $PATH_TO_MISP/.gnupg
+sudo chown -R apache:apache ${PATH_TO_MISP}/.gnupg
 
 # And export the public key to the webroot
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
-sudo chown apache:apache $PATH_TO_MISP/app/webroot/gpg.asc
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee ${PATH_TO_MISP}/app/webroot/gpg.asc
+sudo chown apache:apache ${PATH_TO_MISP}/app/webroot/gpg.asc
 
 # Start the workers to enable background jobs
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
-$SUDO_WWW $RUN_PHP $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
+${SUDO_WWW} $RUN_PHP ${PATH_TO_MISP}/app/Console/worker/start.sh
 
 if [ ! -e /etc/rc.local ]
 then
@@ -551,21 +551,21 @@ sudo yum install -y openjpeg-devel
 sudo chmod 2777 /usr/local/src
 sudo chown root:users /usr/local/src
 cd /usr/local/src/
-$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip install
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
 # The following fails
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 sudo yum install rubygem-rouge rubygem-asciidoctor -y
 ##sudo gem install asciidoctor-pdf --pre
 
 # install additional dependencies for extended object generation and extraction
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 
 # Start misp-modules
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
 
 # TODO: Fix static path with PATH_TO_MISP
 sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md
index 84e96d63b..ed2ef39ec 100644
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
@@ -43,7 +43,7 @@ Make sure you are reading the parsed version of this Document. When in doubt [cl
 # <snippet-begin 0_RHEL_PHP_INI.sh>
 # RHEL/CentOS Specific
 WWW_USER="apache"
-SUDO_WWW="sudo -H -u $WWW_USER"
+SUDO_WWW="sudo -H -u ${WWW_USER}"
 
 RUN_PHP='/usr/bin/scl enable rh-php72'
 PHP_INI=/etc/opt/rh/rh-php72/php.ini
@@ -118,91 +118,91 @@ sudo systemctl enable --now redis.service
 ```bash
 # Download MISP using git in the /var/www/ directory.
 PATH_TO_MISP="/var/www/MISP"
-sudo mkdir -p $(dirname $PATH_TO_MISP)
-sudo chown ${WWW_USER}:${WWW_USER} ($dirname $PATH_TO_MISP)
-cd $(dirname $PATH_TO_MISP)
-$SUDO_WWW git clone https://github.com/MISP/MISP.git
-cd $PATH_TO_MISP
-##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+sudo mkdir -p $(dirname ${PATH_TO_MISP})
+sudo chown ${WWW_USER}:${WWW_USER} ($dirname ${PATH_TO_MISP})
+cd $(dirname ${PATH_TO_MISP})
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git
+cd ${PATH_TO_MISP}
+##${SUDO_WWW} git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
 # (you only have to create a new branch, if you want to change stuff and do a pull request for example)
 
 # Fetch submodules
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 
 # Create a python3 virtualenv
 sudo pip3 install virtualenv
-$SUDO_WWW python3 "virtualenv -p python3 $PATH_TO_MISP/venv"
+${SUDO_WWW} python3 "virtualenv -p python3 ${PATH_TO_MISP}/venv"
 sudo mkdir /usr/share/httpd/.cache
 sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.cache
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U pip setuptools
 
 # install Mitre's STIX and its dependencies by running the following commands:
 ##sudo yum install python-importlib python-lxml python-dateutil python-six -y
 
-cd $PATH_TO_MISP/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+cd ${PATH_TO_MISP}/app/files/scripts
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
 
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
 UMASK=$(umask)
 umask 0022
-cd $PATH_TO_MISP/app/files/scripts/python-stix
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install maec
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U maec
 
 # install zmq
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U zmq
 
 # install redis
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U redis
 
 # lief needs manual compilation
 sudo yum install devtoolset-7 cmake3 -y
 
 
 # TODO: Fix static path with PATH_TO_MISP
-cd $PATH_TO_MISP/app/files/scripts/lief
-$SUDO_WWW mkdir build
+cd ${PATH_TO_MISP}/app/files/scripts/lief
+${SUDO_WWW} mkdir build
 cd build
-$SUDO_WWW scl enable devtoolset-7 'bash -c "cmake3 \
+${SUDO_WWW} scl enable devtoolset-7 'bash -c "cmake3 \
 -DLIEF_PYTHON_API=on \
 -DLIEF_DOC=off \
 -DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
 -DCMAKE_BUILD_TYPE=Release \
 -DPYTHON_VERSION=3.6 \
--DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \
+-DPYTHON_EXECUTABLE=${PATH_TO_MISP}/venv/bin/python \
 .."'
-$SUDO_WWW make -j3
+${SUDO_WWW} make -j3
 sudo make install
 cd api/python/lief_pybind11-prefix/src/lief_pybind11
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/python setup.py install
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/python setup.py install
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 
 # install magic, pydeep
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
 
-cd $PATH_TO_MISP/app/files/scripts/mixbox
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install STIX2.0 library to support STIX 2.0 export:
-cd $PATH_TO_MISP/cti-python-stix2
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/cti-python-stix2
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+cd ${PATH_TO_MISP}/PyMISP
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 # BROKEN: This needs to be tested on RHEL/CentOS
@@ -237,17 +237,17 @@ umask $UMASK
 #### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
 #### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
 ```bash
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
 sudo mkdir /usr/share/httpd/.composer
 sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.composer
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Update composer.phar (optional)
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW $RUN_PHP "php composer-setup.php"
-#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
-$SUDO_WWW $RUN_PHP "php composer.phar install"
+#${SUDO_WWW} $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} $RUN_PHP "php composer-setup.php"
+#${SUDO_WWW} $RUN_PHP -- php -r "unlink('composer-setup.php');"
+${SUDO_WWW} $RUN_PHP "php composer.phar install"
 
 sudo yum install php-redis -y
 sudo systemctl restart rh-php72-php-fpm.service
@@ -267,30 +267,30 @@ done
 sudo systemctl restart rh-php72-php-fpm.service
 
 # To use the scheduler worker for scheduled tasks, do the following:
-sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 
 ### 5/ Set the permissions
 ----------------------
 ```bash
 # Make sure the permissions are set correctly using the following commands as root:
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
-sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
-sudo chmod -R g+r,o= $PATH_TO_MISP
-sudo chmod -R 750 $PATH_TO_MISP
-sudo chmod -R g+xws $PATH_TO_MISP/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
-sudo chmod -R g+rw $PATH_TO_MISP/venv
-sudo chmod -R g+rw $PATH_TO_MISP/.git
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/terms
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/scripts/tmp
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Plugin/CakeResque/tmp
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/tmp
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/orgs
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/custom
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+sudo find ${PATH_TO_MISP} -type d -exec chmod g=rx {} \;
+sudo chmod -R g+r,o= ${PATH_TO_MISP}
+sudo chmod -R 750 ${PATH_TO_MISP}
+sudo chmod -R g+xws ${PATH_TO_MISP}/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
+sudo chmod -R g+rw ${PATH_TO_MISP}/venv
+sudo chmod -R g+rw ${PATH_TO_MISP}/.git
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files/terms
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files/scripts/tmp
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/tmp
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/img/orgs
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/img/custom
 ```
 
 ### 6/ Create a database and user
@@ -360,7 +360,7 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 
 #### Import the empty MySQL database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 
 
@@ -376,10 +376,10 @@ $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSW
     If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
 
 ```bash
-# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
-# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
+# Now configure your apache server with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
+# A sample vhost can be found in ${PATH_TO_MISP}/INSTALL/apache.misp.centos7
 
-sudo cp $PATH_TO_MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
 sudo rm /etc/httpd/conf.d/ssl.conf
 sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf
 sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf
@@ -399,27 +399,27 @@ cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.cr
 sudo systemctl restart httpd.service
 
 # Since SELinux is enabled, we need to allow httpd to write to certain directories
-sudo chcon -t bin_t $PATH_TO_MISP/venv/bin/*
-find $PATH_TO_MISP/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/terms
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/tmp
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Plugin/CakeResque/tmp
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/cake
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/worker/*.sh
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*.py
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*/*.py
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/lief/build/api/python/lief.so
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry
+sudo chcon -t bin_t ${PATH_TO_MISP}/venv/bin/*
+find ${PATH_TO_MISP}/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/terms
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/scripts/tmp
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Console/cake
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Console/worker/*.sh
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/*.py
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/*/*.py
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/lief/build/api/python/lief.so
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry
 # Only run these if you want to be able to update MISP from the web interface
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.git
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Lib
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/orgs
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/.git
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Lib
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/webroot/img/orgs
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/webroot/img/custom
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/scripts/mispzmq
 ```
 
 !!! warning
@@ -448,19 +448,19 @@ sudo firewall-cmd --reload
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
 
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 
 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
-sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
-sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
+sudo semanage fcontext -a -t httpd_log_t "${PATH_TO_MISP}/app/tmp/logs(/.*)?"
+sudo chcon -R -t httpd_log_t ${PATH_TO_MISP}/app/tmp/logs
 
 # Allow logrotate to read /var/www
-sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
+sudo checkmodule -M -m -o /tmp/misplogrotate.mod ${PATH_TO_MISP}/INSTALL/misplogrotate.te
 sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
 sudo semodule -i /tmp/misplogrotate.pp
 ```
@@ -468,11 +468,11 @@ sudo semodule -i /tmp/misplogrotate.pp
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 
 echo "<?php
 class DATABASE_CONFIG {
@@ -489,7 +489,7 @@ class DATABASE_CONFIG {
                 'prefix' => '',
                 'encoding' => 'utf8',
         );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 
 # Configure the fields in the newly created files:
 # config.php   : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
@@ -511,14 +511,14 @@ class DATABASE_CONFIG {
 #   );
 #}
 
-# Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php
+# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
 # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
 # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
 # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
 
 # If you want to be able to change configuration parameters from the webinterface:
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config/config.php
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config/config.php
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config/config.php
 
 # Generate a GPG encryption key.
 cat >/tmp/gen-key-script <<EOF
@@ -536,17 +536,17 @@ cat >/tmp/gen-key-script <<EOF
     %echo done
 EOF
 
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 sudo rm -f /tmp/gen-key-script
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/.gnupg
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/.gnupg
 
 # And export the public key to the webroot
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/gpg.asc
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee ${PATH_TO_MISP}/app/webroot/gpg.asc
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/gpg.asc
 
 # Start the workers to enable background jobs
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
-$SUDO_WWW $RUN_PHP $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
+${SUDO_WWW} $RUN_PHP ${PATH_TO_MISP}/app/Console/worker/start.sh
 
 if [ ! -e /etc/rc.local ]
 then
@@ -556,7 +556,7 @@ then
 fi
 
 # TODO: Fix static path with PATH_TO_MISP
-sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php72 $PATH_TO_MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
+sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php72 ${PATH_TO_MISP}/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
 # Make sure it will execute
 sudo chmod +x /etc/rc.local
 
@@ -571,23 +571,23 @@ sudo yum install openjpeg-devel -y
 sudo chmod 2777 /usr/local/src
 sudo chown root:users /usr/local/src
 cd /usr/local/src/
-$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip install
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 sudo yum install rubygem-rouge rubygem-asciidoctor -y
 ##sudo gem install asciidoctor-pdf --pre
 
 # install additional dependencies for extended object generation and extraction
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 
 # Start misp-modules
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
 
 # TODO: Fix static path with PATH_TO_MISP
-sudo sed -i -e '$i \sudo -u apache $PATH_TO_MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
+sudo sed -i -e '$i \sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
 ```
 
 {!generic/misp-dashboard-centos.md!}
diff --git a/docs/xINSTALL.debian10.md b/docs/xINSTALL.debian10.md
index ddbe7b65f..e5c91573d 100644
--- a/docs/xINSTALL.debian10.md
+++ b/docs/xINSTALL.debian10.md
@@ -28,11 +28,11 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
 
 {!generic/ethX.md!}
 
-#### Add $MISP_USER to staff and $WWW_USER
+#### Add $MISP_USER to staff and ${WWW_USER}
 
 ```bash
 sudo adduser $MISP_USER staff
-sudo adduser $MISP_USER $WWW_USER
+sudo adduser $MISP_USER ${WWW_USER}
 ```
 
 #### Make sure your system is up2date and curl installed
@@ -122,45 +122,45 @@ sudo systemctl restart apache2
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
-sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
-cd $PATH_TO_MISP
-$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
-$SUDO_WWW git submodule update --init --recursive
+sudo mkdir ${PATH_TO_MISP}
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+cd ${PATH_TO_MISP}
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 
 # Create a python3 virtualenv
-$SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv
+${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
 
 # make pip happy
 sudo mkdir /var/www/.cache/
-sudo chown $WWW_USER:$WWW_USER /var/www/.cache
+sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
 
-cd $PATH_TO_MISP/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
+cd ${PATH_TO_MISP}/app/files/scripts
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git
 # install mixbox to accommodate the new STIX dependencies:
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
 cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/PyMISP
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
 cd /tmp
@@ -180,19 +180,19 @@ sudo make install
 sudo ldconfig
 
 # install pydeep
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 
 # install lief
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 
 # install zmq needed by mispzmq
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
 
 # install python-magic
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
 
 # install plyara
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```
 
 ### 4/ CakePHP
@@ -206,24 +206,24 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
 
 ```bash
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Make composer cache happy
-sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
+sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
 # Update composer.phar
-#$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW php composer-setup.php
-#$SUDO_WWW php -r "unlink('composer-setup.php');"
-$SUDO_WWW php composer.phar install
+#${SUDO_WWW} php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} php composer-setup.php
+#${SUDO_WWW} php -r "unlink('composer-setup.php');"
+${SUDO_WWW} php composer.phar install
 # The following is potentially not needed, but just here in case of Keyboard/Chair failures
-$SUDO_WWW php composer.phar update
+${SUDO_WWW} php composer.phar update
 
 # Enable CakeResque with php-redis
 sudo phpenmod redis
 sudo phpenmod gnupg
 
 # To use the scheduler worker for scheduled tasks, do the following:
-$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 
 
@@ -232,11 +232,11 @@ $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin
 
 ```bash
 # Check if the permissions are set correctly using the following commands:
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
-sudo chmod -R 750 $PATH_TO_MISP
-sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+sudo chmod -R 750 ${PATH_TO_MISP}
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 ```
 
 
@@ -265,16 +265,16 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 
 #### Import the empty MISP database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 
 ### 7/ Apache configuration
 -----------------------
 ```bash
-# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
 
 # If the apache version is 2.4:
-sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
 
 # Be aware that the configuration files for apache 2.4 and up have changed.
 # The configuration file has to have the .conf extension in the sites-available directory
@@ -305,8 +305,8 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 <VirtualHost _default_:443>
         ServerAdmin admin@<your.FQDN.here>
         ServerName <your.FQDN.here>
-        DocumentRoot $PATH_TO_MISP/app/webroot
-        <Directory $PATH_TO_MISP/app/webroot>
+        DocumentRoot ${PATH_TO_MISP}/app/webroot
+        <Directory ${PATH_TO_MISP}/app/webroot>
                 Options -Indexes
                 AllowOverride all
                 Require all granted
@@ -349,21 +349,21 @@ sudo systemctl restart apache2
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
 
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 ```
 
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 
 
 echo "<?php
@@ -381,11 +381,11 @@ class DATABASE_CONFIG {
                 'prefix' => '',
                 'encoding' => 'utf8',
         );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 
 # and make sure the file permissions are still OK
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
-sudo chmod -R 750 $PATH_TO_MISP/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
+sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
 
 # Generate a GPG encryption key.
 
@@ -404,14 +404,14 @@ cat >/tmp/gen-key-script <<EOF
     %echo done
 EOF
 
-$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 
 # And export the public key to the webroot
-$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 
 # To make the background workers start on boot
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
 
 echo "[Unit]
 Description=MISP background workers
@@ -419,9 +419,9 @@ After=mariadb.service redis-server.service
 
 [Service]
 Type=forking
-User=$WWW_USER
-Group=$WWW_USER
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
+User=${WWW_USER}
+Group=${WWW_USER}
+ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
 Restart=always
 RestartSec=10
 
@@ -440,7 +440,7 @@ fi
 {!generic/MISP_CAKE_init.md!}
 
 ```bash
-# Add the following lines before the last line (exit 0). Make sure that you replace $WWW_USER with your apache user:
+# Add the following lines before the last line (exit 0). Make sure that you replace ${WWW_USER} with your apache user:
 sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
 sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
 sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
@@ -476,7 +476,7 @@ echo "User  (misp) DB Password: $DBPASSWORD_MISP"
 #### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
 
 ```bash
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
 ```
 
 #### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
diff --git a/docs/xINSTALL.debian9.md b/docs/xINSTALL.debian9.md
index 6ac156a1b..69411f5e3 100644
--- a/docs/xINSTALL.debian9.md
+++ b/docs/xINSTALL.debian9.md
@@ -12,7 +12,7 @@
     Maintained and tested by @SteveClement on 20190702
 
 !!! warning
-    This install document is compiles a custom Python 3.7 meaning some things might be unexpected.
+    This install document compiles a custom Python 3.7 meaning some things might be unexpected.
     Debian stretch has Python 3.5 but we need at least python 3.6
 
 
@@ -32,7 +32,7 @@ PHP_ETC_BASE=/etc/php/7.0
 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
 
 sudo adduser $MISP_USER staff
-sudo adduser $MISP_USER $WWW_USER
+sudo adduser $MISP_USER ${WWW_USER}
 ```
 
 {!generic/sudo_etckeeper.md!}
@@ -151,45 +151,45 @@ sudo systemctl restart apache2
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
-sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
-cd $PATH_TO_MISP
-$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
-$SUDO_WWW git submodule update --init --recursive
+sudo mkdir ${PATH_TO_MISP}
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+cd ${PATH_TO_MISP}
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
+${SUDO_WWW} git submodule update --progress --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 
 # Create a python3 virtualenv
-$SUDO_WWW virtualenv -p ~/opt/python3/bin/python3.7 ${PATH_TO_MISP}/venv
+${SUDO_WWW} virtualenv -p ~/opt/python3/bin/python3.7 ${PATH_TO_MISP}/venv
 
 # make pip happy
 sudo mkdir /var/www/.cache/
-sudo chown $WWW_USER:$WWW_USER /var/www/.cache
+sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
 
-cd $PATH_TO_MISP/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
+cd ${PATH_TO_MISP}/app/files/scripts
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git
 # install mixbox to accommodate the new STIX dependencies:
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
 cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+cd ${PATH_TO_MISP}/PyMISP
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
 cd /tmp
@@ -209,19 +209,19 @@ sudo make install
 sudo ldconfig
 
 # install pydeep
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 
 # install lief
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 
 # install zmq needed by mispzmq
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
 
 # install python-magic
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
 
 # install plyara
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```
 
 ### 4/ CakePHP
@@ -230,23 +230,23 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
 
 ```bash
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Make composer cache happy
-sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
+sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
 # Update composer.phar
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-# $SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-# $SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-# $SUDO_WWW php composer-setup.php
-# $SUDO_WWW php -r "unlink('composer-setup.php');"
-$SUDO_WWW php composer.phar install
+# ${SUDO_WWW} php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+# ${SUDO_WWW} php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+# ${SUDO_WWW} php composer-setup.php
+# ${SUDO_WWW} php -r "unlink('composer-setup.php');"
+${SUDO_WWW} php composer.phar install
 
 # Enable CakeResque with php-redis
 sudo phpenmod redis
 sudo phpenmod gnupg
 
 # To use the scheduler worker for scheduled tasks, do the following:
-$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 
 
@@ -255,11 +255,11 @@ $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin
 
 ```bash
 # Check if the permissions are set correctly using the following commands:
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
-sudo chmod -R 750 $PATH_TO_MISP
-sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+sudo chmod -R 750 ${PATH_TO_MISP}
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 ```
 
 
@@ -288,16 +288,16 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 
 #### Import the empty MISP database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 
 ### 7/ Apache configuration
 -----------------------
 ```bash
-# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
 
 # If the apache version is 2.4:
-sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
 
 # Be aware that the configuration files for apache 2.4 and up have changed.
 # The configuration file has to have the .conf extension in the sites-available directory
@@ -328,8 +328,8 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 <VirtualHost _default_:443>
         ServerAdmin admin@<your.FQDN.here>
         ServerName <your.FQDN.here>
-        DocumentRoot $PATH_TO_MISP/app/webroot
-        <Directory $PATH_TO_MISP/app/webroot>
+        DocumentRoot ${PATH_TO_MISP}/app/webroot
+        <Directory ${PATH_TO_MISP}/app/webroot>
                 Options -Indexes
                 AllowOverride all
                 Require all granted
@@ -372,21 +372,21 @@ sudo systemctl restart apache2
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
 
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 ```
 
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 
 
 echo "<?php
@@ -404,11 +404,11 @@ class DATABASE_CONFIG {
                 'prefix' => '',
                 'encoding' => 'utf8',
         );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 
 # and make sure the file permissions are still OK
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
-sudo chmod -R 750 $PATH_TO_MISP/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
+sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
 
 # Generate a GPG encryption key.
 
@@ -427,14 +427,14 @@ cat >/tmp/gen-key-script <<EOF
     %echo done
 EOF
 
-$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 
 # And export the public key to the webroot
-$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 
 # To make the background workers start on boot
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
 
 echo "[Unit]
 Description=MISP background workers
@@ -442,9 +442,9 @@ After=mariadb.service redis-server.service
 
 [Service]
 Type=forking
-User=$WWW_USER
-Group=$WWW_USER
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
+User=${WWW_USER}
+Group=${WWW_USER}
+ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
 Restart=always
 RestartSec=10
 
@@ -463,7 +463,7 @@ fi
 {!generic/MISP_CAKE_init.md!}
 
 ```bash
-# Add the following lines before the last line (exit 0). Make sure that you replace $WWW_USER with your apache user:
+# Add the following lines before the last line (exit 0). Make sure that you replace ${WWW_USER} with your apache user:
 sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
 sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
 sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
@@ -499,7 +499,7 @@ echo "User  (misp) DB Password: $DBPASSWORD_MISP"
 #### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
 
 ```bash
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
 ```
 
 #### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
diff --git a/docs/xINSTALL.tsurugi.md b/docs/xINSTALL.tsurugi.md
index c39e1952a..6c7abe3a1 100644
--- a/docs/xINSTALL.tsurugi.md
+++ b/docs/xINSTALL.tsurugi.md
@@ -84,7 +84,7 @@ function installMISPonTsurugi() {
   PATH_TO_MISP='/var/www/MISP'
   MISP_BASEURL='https://misp.local'
   MISP_LIVE='1'
-  CAKE="$PATH_TO_MISP/app/Console/cake"
+  CAKE="${PATH_TO_MISP}/app/Console/cake"
 
   # Database configuration
   DBHOST='localhost'
@@ -184,12 +184,12 @@ function installMISPonTsurugi() {
   #update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
   #update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
 
-  mkdir $PATH_TO_MISP
-  chown www-data:www-data $PATH_TO_MISP
-  cd $PATH_TO_MISP
-  $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+  mkdir ${PATH_TO_MISP}
+  chown www-data:www-data ${PATH_TO_MISP}
+  cd ${PATH_TO_MISP}
+  ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
 
-  $SUDO_WWW git config core.filemode false
+  ${SUDO_WWW} git config core.filemode false
 
   cp -p /etc/lsb-release /etc/lsb-release.tmp
   sudo sed -i 's/TSURUGI/Ubuntu/g' /etc/lsb-release
@@ -198,45 +198,45 @@ function installMISPonTsurugi() {
   sudo apt-get update
   sudo apt-get install python3.6 python3.6-dev -y
   mv /etc/lsb-release.tmp /etc/lsb-release
-  $SUDO_WWW virtualenv -p python3.6 $PATH_TO_MISP/venv
+  ${SUDO_WWW} virtualenv -p python3.6 ${PATH_TO_MISP}/venv
 
-  cd $PATH_TO_MISP/app/files/scripts
-  $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
-  $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
-  $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+  cd ${PATH_TO_MISP}/app/files/scripts
+  ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
+  ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
+  ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
 
   mkdir /var/www/.cache
   chown www-data:www-data /var/www/.cache
 
-  cd $PATH_TO_MISP/app/files/scripts/python-stix
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  cd ${PATH_TO_MISP}/app/files/scripts/python-stix
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
-  cd $PATH_TO_MISP/app/files/scripts/python-cybox
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
-  cd $PATH_TO_MISP/app/files/scripts/mixbox
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  cd ${PATH_TO_MISP}/app/files/scripts/mixbox
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
-  cd $PATH_TO_MISP
-  $SUDO_WWW git submodule update --init --recursive
+  cd ${PATH_TO_MISP}
+  ${SUDO_WWW} git submodule update --init --recursive
   # Make git ignore filesystem permission differences for submodules
-  $SUDO_WWW git submodule foreach --recursive git config core.filemode false
+  ${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 
   # install PyMISP
-  cd $PATH_TO_MISP/PyMISP
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  cd ${PATH_TO_MISP}/PyMISP
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 
-  cd $PATH_TO_MISP/app
+  cd ${PATH_TO_MISP}/app
   mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
-  $SUDO_WWW php composer.phar install
+  ${SUDO_WWW} php composer.phar install
 
-  $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+  ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 
-  chown -R www-data:www-data $PATH_TO_MISP
-  chmod -R 750 $PATH_TO_MISP
-  chmod -R g+ws $PATH_TO_MISP/app/tmp
-  chmod -R g+ws $PATH_TO_MISP/app/files
-  chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+  chown -R www-data:www-data ${PATH_TO_MISP}
+  chmod -R 750 ${PATH_TO_MISP}
+  chmod -R g+ws ${PATH_TO_MISP}/app/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/files
+  chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 
   if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
     echo "
@@ -269,7 +269,7 @@ function installMISPonTsurugi() {
     update-rc.d apache2 enable
     update-rc.d redis-server enable
 
-    $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+    ${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 
     echo "<?php
   class DATABASE_CONFIG {
@@ -286,7 +286,7 @@ function installMISPonTsurugi() {
                   'prefix' => '',
                   'encoding' => 'utf8',
           );
-  }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+  }" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
   else
     echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
     echo "Skipping any creations…"
@@ -307,9 +307,9 @@ function installMISPonTsurugi() {
   cd /var/www
   mkdir misp-dashboard
   chown www-data:www-data misp-dashboard
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
+  ${SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git
   cd misp-dashboard
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install zmq redis
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
   /var/www/misp-dashboard/install_dependencies.sh
   sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
   sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
@@ -319,7 +319,7 @@ function installMISPonTsurugi() {
   sed -i -e '$i \    echo "Updating ${d}"\n' /etc/rc.local
   sed -i -e '$i \    cd $d && sudo git pull &\n' /etc/rc.local
   sed -i -e '$i \done\n' /etc/rc.local
-  $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
+  ${SUDO_WWW} bash /var/www/misp-dashboard/start_all.sh
 
   apt install libapache2-mod-wsgi-py3 -y
 
@@ -338,9 +338,9 @@ function installMISPonTsurugi() {
   <VirtualHost _default_:443>
           ServerAdmin admin@localhost.lu
           ServerName misp.local
-          DocumentRoot $PATH_TO_MISP/app/webroot
+          DocumentRoot ${PATH_TO_MISP}/app/webroot
 
-          <Directory $PATH_TO_MISP/app/webroot>
+          <Directory ${PATH_TO_MISP}/app/webroot>
                   Options -Indexes
                   AllowOverride all
   		            Require all granted
@@ -413,15 +413,15 @@ function installMISPonTsurugi() {
 
   systemctl restart apache2
 
-  cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+  cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
   chmod 0640 /etc/logrotate.d/misp
 
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 
-  chown -R www-data:www-data $PATH_TO_MISP/app/Config
-  chmod -R 750 $PATH_TO_MISP/app/Config
+  chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
+  chmod -R 750 ${PATH_TO_MISP}/app/Config
   $CAKE Live $MISP_LIVE
   $CAKE Baseurl $MISP_BASEURL
 
@@ -438,11 +438,11 @@ function installMISPonTsurugi() {
       %commit
   %echo done" > /tmp/gen-key-script
 
-  $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+  ${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 
-  $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+  ${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 
-  chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+  chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
 
   $CAKE userInit -q
   $CAKE Admin updateDatabase
@@ -542,7 +542,7 @@ function installMISPonTsurugi() {
   sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
   sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
   sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local
-  $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
+  ${SUDO_WWW} bash ${PATH_TO_MISP}/app/Console/worker/start.sh
   cd /usr/local/src/
   git clone https://github.com/MISP/misp-modules.git
   cd misp-modules
@@ -550,14 +550,14 @@ function installMISPonTsurugi() {
   chown www-data .
   apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y
 
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I .
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install maec python-magic wand lief yara-python plyara
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install stix2
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic wand lief yara-python plyara
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install stix2
   gem install pygments.rb
   gem install asciidoctor-pdf --pre
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/misp-modules -l 127.0.0.1 -s &
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
   $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
   $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
   $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
@@ -603,11 +603,11 @@ function installMISPonTsurugi() {
     sleep 6
   done
 
-  chown -R www-data:www-data $PATH_TO_MISP
-  chmod -R 750 $PATH_TO_MISP
-  chmod -R g+ws $PATH_TO_MISP/app/tmp
-  chmod -R g+ws $PATH_TO_MISP/app/files
-  chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+  chown -R www-data:www-data ${PATH_TO_MISP}
+  chmod -R 750 ${PATH_TO_MISP}
+  chmod -R g+ws ${PATH_TO_MISP}/app/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/files
+  chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 
   cd /usr/local/src/
 
diff --git a/docs/xINSTALL.ubuntu1804.with.webmin.md b/docs/xINSTALL.ubuntu1804.with.webmin.md
index a2dc94c90..f0de415ce 100644
--- a/docs/xINSTALL.ubuntu1804.with.webmin.md
+++ b/docs/xINSTALL.ubuntu1804.with.webmin.md
@@ -173,25 +173,25 @@ git submodule foreach --recursive git config core.filemode false
 # Create a python3 virtualenv
 virtualenv -p python3 ${PATH_TO_MISP}/venv
 
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
 git clone https://github.com/CybOXProject/python-cybox.git
 git clone https://github.com/STIXProject/python-stix.git
 git clone https://github.com/MAECProject/python-maec.git
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
 ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
 ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install mixbox to accommodate the new STIX dependencies:
-cd $PATH_TO_MISP/app/files/scripts/
+cd ${PATH_TO_MISP}/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
 ${PATH_TO_MISP}/venv/bin/pip install .
 
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
 ${PATH_TO_MISP}/venv/bin/pip install .
 ```
 
@@ -243,7 +243,7 @@ flush privileges;
 exit
 
 # Import the empty MISP database from MYSQL.sql
-sudo -u ${VIRT_USER} cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+sudo -u ${VIRT_USER} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 
 
@@ -344,11 +344,11 @@ cat >/tmp/gen-key-script <<EOF
     %echo done
 EOF
 
-gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 
 # And export the public key to the webroot
-sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | tee $PATH_TO_MISP/app/webroot/gpg.asc
+sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 
 # If you get no satisfaction with your entropy install this:
 sudo apt-get install haveged pv
diff --git a/mkdocs.yml b/mkdocs.yml
index b9c6b508e..6401dfd6d 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -38,8 +38,7 @@ theme:
 markdown_extensions:
   - markdown_include.include:
       base_path: docs
-  # mkdcomments is buggy atm, see: https://github.com/ryneeverett/python-markdown-comments/issues/3
-  #- mkdcomments
+  - mkdcomments
   - markdown.extensions.admonition
   - markdown.extensions.codehilite:
       guess_lang: false
@@ -75,12 +74,10 @@ nav:
       - 'RHEL8/CentOS8': 'INSTALL.rhel8.md'
     - xInstall Guides: 
       - 'Warning': 'xINSTALL.md'
-      - 'Centos 6': 'xINSTALL.centos6.md'
       - 'Debian 10': 'xINSTALL.debian10.md'
-      - 'Debian 9': 'xINSTALL.debian9.md'
       - 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
       - 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
-      - 'OpenBSD 6.6': 'xINSTALL.OpenBSD.md'
+      - 'OpenBSD 6.7': 'xINSTALL.OpenBSD.md'
     - Config Guides:
       - 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
       - 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
@@ -90,6 +87,8 @@ nav:
     - Old guides:
       - '2.3 to 2.4 upgrade': 'archive/old-2_3to2_4-UPGRADE.md'
       - 'Ubuntu 16.04': 'archive/INSTALL.ubuntu1604.md'
+      - 'Debian 9': 'xINSTALL.debian9.md'
+      - 'Centos 6': 'xINSTALL.centos6.md'
       - 'FreeBSD': 'archive/xINSTALL.FreeBSD.md'
     - About:
       - 'MISP Release Notes': 'Changelog.md'