Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix

2020-05-25 12:00:33 +02:00 · 2020-05-25 12:00:33 +02:00 · e95dad15d0
parent fb78b721dc 5d7244741f
commit e95dad15d0
30 changed files with 593 additions and 615 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -462,6 +462,15 @@ class AppController extends Controller
            $this->set('isAclKafka', isset($role['perm_publish_kafka']) ? $role['perm_publish_kafka'] : false);
            $this->set('isAclDecaying', isset($role['perm_decaying']) ? $role['perm_decaying'] : false);
            $this->userRole = $role;
            $this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
            if ($this->request->params['controller'] === 'users' && $this->request->params['action'] === 'dashboard') {
                $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user());
            } else {
                $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user(), 'fast');
            }
            $this->set('notifications', $notifications);
            if (
                Configure::read('MISP.log_paranoid') ||
                !empty(Configure::read('Security.monitored'))
@ -499,9 +508,8 @@ class AppController extends Controller
        } else {
            $this->set('me', false);
        }
-        $this->set('br', '<br />');
+
-        $this->set('bold', array('<span class="bold">', '</span>'));
+        if ($this->Auth->user() && $this->_isSiteAdmin()) {
        if ($this->_isSiteAdmin()) {
            if (Configure::read('Session.defaults') == 'database') {
                $db = ConnectionManager::getDataSource('default');
                $sqlResult = $db->query('SELECT COUNT(id) AS session_count FROM cake_sessions WHERE expires < ' . time() . ';');
@ -515,13 +523,6 @@ class AppController extends Controller
            }
        }
        $this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
        if ($this->request->params['controller'] === 'users' && $this->request->params['action'] === 'dashboard') {
            $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user());
        } else {
            $notifications = $this->{$this->modelClass}->populateNotifications($this->Auth->user(), 'fast');
        }
        $this->set('notifications', $notifications);
        $this->ACL->checkAccess($this->Auth->user(), Inflector::variable($this->request->params['controller']), $this->action);
        if ($this->_isRest()) {
            $this->__rateLimitCheck();
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@ -695,12 +695,23 @@ class ACLComponent extends Component
        }
    }
-    // The check works like this:
+    /**
-    // If the user is a site admin, return true
+     * The check works like this:
-    // If the requested action has an OR-d list, iterate through the list. If any of the permissions are set for the user, return true
+     * - If the user is a site admin, return true
-    // If the requested action has an AND-ed list, iterate through the list. If any of the permissions for the user are not set, turn the check to false. Otherwise return true.
+     * - If the requested action has an OR-d list, iterate through the list. If any of the permissions are set for the user, return true
-    // If the requested action has a permission, check if the user's role has it flagged. If yes, return true
+     * - If the requested action has an AND-ed list, iterate through the list. If any of the permissions for the user are not set, turn the check to false. Otherwise return true.
-    // If we fall through all of the checks, return an exception.
+     * - If the requested action has a permission, check if the user's role has it flagged. If yes, return true
     * - If we fall through all of the checks, return an exception.
     *
     * @param array|null $user
     * @param string $controller
     * @param string $action
     * @param bool $soft If true, instead of exception, HTTP error code is retuned as int.
     * @return bool|int
     * @throws NotFoundException
     * @throws MethodNotAllowedException
     * @throws InternalErrorException
     */
    public function checkAccess($user, $controller, $action, $soft = false)
    {
        $controller = lcfirst(Inflector::camelize($controller));
@ -710,15 +721,12 @@ class ACLComponent extends Component
            $aclList[$k] = array_change_key_case($v);
        }
        $this->__checkLoggedActions($user, $controller, $action);
-        if ($user['Role']['perm_site_admin']) {
+        if ($user && $user['Role']['perm_site_admin']) {
            return true;
        }
        if (!isset($aclList[$controller])) {
            return $this->__error(404, 'Invalid controller.', $soft);
        }
        if ($user['Role']['perm_site_admin']) {
            return true;
        }
        if (isset($aclList[$controller][$action]) && !empty($aclList[$controller][$action])) {
            if (in_array('*', $aclList[$controller][$action])) {
                return true;
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -1167,17 +1167,12 @@ class EventsController extends AppController
        $this->set('emptyEvent', $emptyEvent);
        // remove galaxies tags
        $this->loadModel('GalaxyCluster');
        $this->loadModel('Taxonomy');
        $cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
        foreach ($event['Object'] as $k => $object) {
            if (isset($object['Attribute'])) {
                foreach ($object['Attribute'] as $k2 => $attribute) {
-                    foreach ($attribute['AttributeTag'] as $k3 => $attributeTag) {
+                    $this->Event->Attribute->removeGalaxyClusterTags($event['Object'][$k]['Attribute'][$k2]);
-                        if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
+
                            unset($event['Object'][$k]['Attribute'][$k2]['AttributeTag'][$k3]);
                        }
                    }
                    $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']);
                    foreach ($tagConflicts['global'] as $tagConflict) {
                        $warningTagConflicts[$tagConflict['taxonomy']['Taxonomy']['namespace']] = $tagConflict['taxonomy'];
@ -1190,11 +1185,8 @@ class EventsController extends AppController
            }
        }
        foreach ($event['Attribute'] as $k => $attribute) {
-            foreach ($attribute['AttributeTag'] as $k2 => $attributeTag) {
+            $this->Event->Attribute->removeGalaxyClusterTags($event['Attribute'][$k]);
-                if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
+
                    unset($event['Attribute'][$k]['AttributeTag'][$k2]);
                }
            }
            $tagConflicts = $this->Taxonomy->checkIfTagInconsistencies($attribute['AttributeTag']);
            foreach ($tagConflicts['global'] as $tagConflict) {
                $warningTagConflicts[$tagConflict['taxonomy']['Taxonomy']['namespace']] = $tagConflict['taxonomy'];
@ -1232,8 +1224,8 @@ class EventsController extends AppController
        }
        $this->set('event', $event);
        $dataForView = array(
-                'Attribute' => array('attrDescriptions', 'typeDefinitions', 'categoryDefinitions', 'distributionDescriptions', 'distributionLevels', 'shortDist'),
+            'Attribute' => array('attrDescriptions' => 'fieldDescriptions', 'distributionDescriptions' => 'distributionDescriptions', 'distributionLevels' => 'distributionLevels', 'shortDist' => 'shortDist'),
-                'Event' => array('fieldDescriptions')
+            'Event' => array('eventDescriptions' => 'fieldDescriptions', 'analysisDescriptions' => 'analysisDescriptions', 'analysisLevels' => 'analysisLevels')
        );
        foreach ($dataForView as $m => $variables) {
            if ($m === 'Event') {
@ -1241,8 +1233,8 @@ class EventsController extends AppController
            } elseif ($m === 'Attribute') {
                $currentModel = $this->Event->Attribute;
            }
-            foreach ($variables as $variable) {
+            foreach ($variables as $alias => $variable) {
-                $this->set($variable, $currentModel->{$variable});
+                $this->set($alias, $currentModel->{$variable});
            }
        }
        if (Configure::read('Plugin.Enrichment_services_enable')) {
@ -1507,20 +1499,6 @@ class EventsController extends AppController
        }
        $this->params->params['paging'] = array($this->modelClass => $params);
        $this->set('event', $event);
        $dataForView = array(
                'Attribute' => array('attrDescriptions', 'typeDefinitions', 'categoryDefinitions', 'distributionDescriptions', 'distributionLevels'),
                'Event' => array('fieldDescriptions')
        );
        foreach ($dataForView as $m => $variables) {
            if ($m === 'Event') {
                $currentModel = $this->Event;
            } elseif ($m === 'Attribute') {
                $currentModel = $this->Event->Attribute;
            }
            foreach ($variables as $variable) {
                $this->set($variable, $currentModel->{$variable});
            }
        }
        $extensionParams = array(
            'conditions' => array(
                'Event.extends_uuid' => $event['Event']['uuid']
--- a/app/Lib/cakephp
+++ b/app/Lib/cakephp
@ -1 +1 @@
-Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3
+Subproject commit 59e12788fc406ee66180f41e8a2840b841c6051a
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -3226,7 +3226,7 @@ class Server extends AppModel
        foreach ($serverSettings as $branchKey => &$branchValue) {
            if (isset($branchValue['branch'])) {
                foreach ($branchValue as $leafKey => &$leafValue) {
-                    if ($leafValue['level'] == 3 && !(isset($currentSettings[$branchKey][$leafKey]))) {
+                    if ($leafKey !== 'branch' && $leafValue['level'] == 3 && !(isset($currentSettings[$branchKey][$leafKey]))) {
                        continue;
                    }
                    $setting = null;
--- a/app/View/Elements/formInfo.ctp
+++ b/app/View/Elements/formInfo.ctp
@ -1 +1 @@
-<span id = "<?php echo $type?>InfoPopover" class="icon-info-sign" data-toggle="popover" data-field="<?php echo $type; ?>"></span>
+<span id="<?php echo $type?>InfoPopover" class="fas fa-info-circle" data-toggle="popover" data-field="<?php echo $type; ?>"></span>
--- a/app/View/Elements/genericElements/Form/formInfo.ctp
+++ b/app/View/Elements/genericElements/Form/formInfo.ctp
@ -17,12 +17,12 @@
        }
    }
    echo sprintf(
-        '<span id = "%sInfoPopover" class="icon-info-sign" data-toggle="popover" data-trigger="hover" style="margin-left:2px;"></span>',
+        ' <span id="%sInfoPopover" class="fas fa-info-circle" data-toggle="popover" data-trigger="hover"></span>',
        h($field['field'])
    );
 ?>
 <script type="text/javascript">
-    $(document).ready(function() {
+    $(function() {
        $('#<?php echo h($field['field']); ?>InfoPopover').popover({
            html: true,
            content: function() {
--- a/app/View/Users/admin_add.ctp
+++ b/app/View/Users/admin_add.ctp
@ -37,7 +37,7 @@
                $passwordPopover = '<span class=\"blue bold\">' . __('Length') . '</span>: ' . h($length) . '<br />';
                $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') . '</span>: ' . h($complexity);
                echo $this->Form->input('password', array(
-                    'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+                    'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
                ));
                echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
            ?>
--- a/app/View/Users/admin_edit.ctp
+++ b/app/View/Users/admin_edit.ctp
@ -37,7 +37,7 @@
                $passwordPopover = '<span class=\"blue bold\">' . __('Length') .'</span>: ' . h($length) . '<br />';
                $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') .'</span>: ' . h($complexity);
                echo $this->Form->input('password', array(
-                    'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+                    'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
                ));
                echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
            ?>
--- a/app/View/Users/change_pw.ctp
+++ b/app/View/Users/change_pw.ctp
@ -6,7 +6,7 @@
        $passwordPopover = '<span class=\"blue bold\">Length</span>: ' . h($length) . '<br />';
        $passwordPopover .= '<span class=\"blue bold\">Complexity</span>: ' . h($complexity);
        echo $this->Form->input('password', array(
-            'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>', 'autofocus'
+            'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>', 'autofocus'
        ));
        echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
    ?>
--- a/app/View/Users/edit.ctp
+++ b/app/View/Users/edit.ctp
@ -10,7 +10,7 @@
        $passwordPopover = '<span class=\"blue bold\">' . __('Length') .'</span>: ' . h($length) . '<br />';
        $passwordPopover .= '<span class=\"blue bold\">' . __('Complexity') .'</span>: ' . h($complexity);
        echo $this->Form->input('password', array(
-            'label' => __('Password') . ' <span id = "PasswordPopover" class="icon-info-sign" ></span>'
+            'label' => __('Password') . ' <span id="PasswordPopover" class="fas fa-info-circle"></span>'
        ));
        echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
    ?>
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@ -1 +1 @@
-Subproject commit dee9a564606ba92c50f13b53884bceaacf6c4522
+Subproject commit 313003ed655c1c3c06734e7ed3dbb514fa1047eb
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@ -1834,7 +1834,6 @@ function popoverConfirm(clicked, message, placement) {
        popoverContent += '<button id="popoverConfirmOK" class="btn btn-primary" style="margin-right: 5px;" onclick=submitPopover(this)>Yes</button>';
        popoverContent += '<button class="btn btn-inverse" style="float: right;" onclick=cancelPrompt()>Cancel</button>';
    popoverContent += '</div>';
    placement = placement === undefined ? 'auto' : placement;
    openPopover($clicked, popoverContent, undefined, placement);
    $("#popoverConfirmOK")
    .focus()
--- a/docs/INSTALL.ubuntu2004.md
+++ b/docs/INSTALL.ubuntu2004.md
@ -175,18 +175,18 @@ installCore () {
  # FIXME: Remove libfaup etc once the egg has the library baked-in
  sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
  cd /tmp
-  [[ ! -d "faup" ]] && $SUDO_CMD git clone git://github.com/stricaud/faup.git faup
+  false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone git://github.com/stricaud/faup.git faup; done
-  [[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
+  false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone git://github.com/stricaud/gtcaca.git gtcaca; done
  sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
  cd gtcaca
-  $SUDO_CMD mkdir -p build
+  ${SUDO_CMD} mkdir -p build
  cd build
-  $SUDO_CMD cmake .. && $SUDO_CMD make
+  ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
  sudo make install
  cd ../../faup
-  $SUDO_CMD mkdir -p build
+  ${SUDO_CMD} mkdir -p build
  cd build
-  $SUDO_CMD cmake .. && $SUDO_CMD make
+  ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
  sudo make install
  sudo ldconfig
--- a/docs/generic/globalVariables.md
+++ b/docs/generic/globalVariables.md
@ -17,27 +17,33 @@ MISPvars () {
  # RHEL/CentOS
  if [[ -f "/etc/redhat-release" ]]; then
    WWW_USER='apache'
    SUDO_WWW="sudo -H -u ${WWW_USER} "
  # Debian flavoured
  elif [[ -f "/etc/debian_version" ]]; then
    WWW_USER="www-data"
    SUDO_WWW="sudo -H -u ${WWW_USER} "
  # OpenBSD
  elif [[ "$(uname -s)" == "OpenBSD" ]]; then
    WWW_USER="www"
    PATH_TO_MISP="/var/www/htdocs/MISP"
    SUDO_WWW="doas -u www "
    SUDO_CMD="doas "
  # NetBSD
  elif [[ "$(uname -s)" == "NetBSD" ]]; then
    WWW_USER="www"
    PATH_TO_MISP="/usr/pkg/share/httpd/htdocs/MISP"
    SUDO_WWW="sudo -H -u ${WWW_USER} "
  else
    # I am feeling lucky
    WWW_USER="www-data"
    SUDO_WWW="sudo -H -u ${WWW_USER} "
  fi
-  if [ -z "$FQDN" ]; then
+  if [ -z "${FQDN}" ]; then
    FQDN="misp.local"
  fi
-  if [ -z "$MISP_BASEURL" ]; then
+  if [ -z "${MISP_BASEURL}" ]; then
    MISP_BASEURL='""'
  fi
@ -52,13 +58,13 @@ MISPvars () {
  DBPASSWORD_MISP="$(openssl rand -hex 32)"
  # OpenSSL configuration
-  OPENSSL_CN=$FQDN
+  OPENSSL_CN=${FQDN}
  OPENSSL_C='LU'
  OPENSSL_ST='State'
  OPENSSL_L='Location'
  OPENSSL_O='Organization'
  OPENSSL_OU='Organizational Unit'
-  OPENSSL_EMAILADDRESS="info@$FQDN"
+  OPENSSL_EMAILADDRESS="info@${FQDN}"
  # GPG configuration
  GPG_REAL_NAME='Autogenerated Key'
@ -81,7 +87,7 @@ MISPvars () {
  max_execution_time=300
  memory_limit=2048M
-  CAKE="$PATH_TO_MISP/app/Console/cake"
+  CAKE="${PATH_TO_MISP}/app/Console/cake"
  # sudo config to run $LUSER commands
  if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
@ -89,8 +95,7 @@ MISPvars () {
  else
    SUDO_CMD="sudo -H -u ${MISP_USER}"
  fi
-  SUDO_WWW="sudo -H -u ${WWW_USER} "
+  
  echo "The following DB Passwords were generated..."
  echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
  echo "User  (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
--- a/docs/generic/mail_to_misp-debian.md
+++ b/docs/generic/mail_to_misp-debian.md
@ -8,9 +8,9 @@ mail2misp () {
  debug "Installing Mail2${LBLUE}MISP${NC}"
  cd /usr/local/src/
  sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
-  $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git; done
-  [[ ! -d "faup" ]] && $SUDO_CMD git clone git://github.com/stricaud/faup.git faup
+  [[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
-  [[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
+  [[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
  sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
  cd gtcaca
  $SUDO_CMD mkdir -p build
--- a/docs/generic/misp-dashboard-centos.md
+++ b/docs/generic/misp-dashboard-centos.md
@ -14,7 +14,7 @@ mispDashboard () {
  sudo yum install wget screen -y
  sudo mkdir /var/www/misp-dashboard
  sudo chown $WWW_USER:$WWW_USER /var/www/misp-dashboard
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard; done
  cd /var/www/misp-dashboard
  sudo sed -i -E 's/sudo apt/#sudo apt/' install_dependencies.sh
  sudo sed -i -E 's/virtualenv -p python3 DASHENV/\/usr\/bin\/scl enable rh-python36 \"virtualenv -p python3 DASHENV\"/' install_dependencies.sh
--- a/docs/generic/misp-dashboard-debian.md
+++ b/docs/generic/misp-dashboard-debian.md
@ -16,7 +16,7 @@ mispDashboard () {
  sudo mkdir misp-dashboard
  sudo chown $WWW_USER:$WWW_USER misp-dashboard
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git; done
  cd misp-dashboard
  sudo -H /var/www/misp-dashboard/install_dependencies.sh
  sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
--- a/docs/generic/misp-modules-centos.md
+++ b/docs/generic/misp-modules-centos.md
@ -8,7 +8,7 @@ mispmodulesRHEL () {
  sudo chmod 2777 /usr/local/src
  sudo chown root:users /usr/local/src
  cd /usr/local/src/
-  $SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-modules.git; done
  cd misp-modules
  # pip install
  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U -I -r REQUIREMENTS
--- a/docs/generic/misp-modules-debian.md
+++ b/docs/generic/misp-modules-debian.md
@ -8,9 +8,9 @@ mispmodules () {
  sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
  ## TODO: checkUsrLocalSrc in main doc
  debug "Cloning misp-modules"
-  $SUDO_CMD git clone https://github.com/MISP/misp-modules.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/misp-modules.git; done
-  $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git
+  [[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
-  $SUDO_CMD git clone git://github.com/stricaud/faup.git
+  [[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
  sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
  # Install gtcaca
  cd gtcaca
--- a/docs/generic/viper-debian.md
+++ b/docs/generic/viper-debian.md
@ -18,8 +18,8 @@ viper () {
    fi
  fi
  echo "Cloning Viper"
-  $SUDO_CMD git clone https://github.com/viper-framework/viper.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper.git; done
-  $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git
+  false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git; done
  sudo chown -R $MISP_USER:$MISP_USER viper
  sudo chown -R $MISP_USER:$MISP_USER viper-web
  cd viper
--- a/docs/xINSTALL.NetBSD.md
+++ b/docs/xINSTALL.NetBSD.md
@ -1,5 +1,5 @@
 # INSTALLATION INSTRUCTIONS
-## for NetBSD 8.1-amd64
+## for NetBSD 9.0-amd64
 !!! warning
    This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
@ -33,7 +33,9 @@ export AUTOCONF_VERSION=2.69
 #### sudo & pkgin (as root)
 ```bash
-su root -c "pkgin install sudo gsed"
+su root -c "cd /usr/pkgsrc/pkg tools/pkgin/; make install clean"
 su root -c "pkgin update"
 su root -c "pkgin -y install sudo gsed"
 su root -c 'gsed -i -e "s/# %wheel ALL=(ALL) NOPASSWD: ALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /usr/pkg/etc/sudoers'
 ```
@ -41,10 +43,11 @@ su root -c 'gsed -i -e "s/# %wheel ALL=(ALL) NOPASSWD: ALL/%wheel ALL=(ALL) NOPA
 ```bash
 cd /usr
-env CVS_RSH=ssh sudo cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
+env CVS_RSH=ssh cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
 cd pkgsrc/bootstrap
-sudo ./bootstrap
+./bootstrap
-sudo /usr/pkg/sbin/pkg_admin -K /var/db/pkg fetch-pkg-vulnerabilities
+cd /usr/pkgsrc/pkg tools/pkgin/; make install clean
 /usr/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities
 ```
 ```
@ -61,56 +64,56 @@ users crontab(5) entry. For example the entry
 #### Install bash
 ```bash
-sudo pkgin install bash
+sudo pkgin -y install bash
 ```
 #### mariadb server
 ```bash
-sudo pkgin install mariadb-server 
+sudo pkgin -y install mysql-server 
 ```
 #### Install misc dependencies
 ```bash
-sudo pkgin install curl git python36 py36-pip redis autoconf automake libtool magic
+sudo pkgin -y install curl git python37 py37-pip redis autoconf automake libtool magic
 ```
 ```bash
-sudo pkgin install gnupg2
+sudo pkgin -y install gnupg2
 ```
 #### Install postfix (optional)
 ```bash
-sudo pkgin install postfix
+sudo pkgin -y install postfix
 ```
 #### vim (optional)
 ```bash
-sudo pkgin install vim
+sudo pkgin -y install vim
 sudo mv /usr/bin/vi /usr/bin/vi-`date +%d%m%y`
 sudo ln -s /usr/pkg/bin/vim /usr/bin/vi
 ```
 #### misp user #REMOVE
 ```bash
 sudo useradd -m -s /usr/local/bin/bash -G wheel,www misp
 ```
 #### apache + php + moz-rootcerts
 ```bash
-sudo pkgin install php ap24-php73 php73-fpm php73-redis3 php73-mysqli php73-pdo_mysql php73-pcntl php73-json php73-iconv php73-gd php73-mbstring php73-pear-Crypt_GPG
+sudo pkgin -y install php ap24-php74 php74-fpm php74-redis3 php74-mysqli php74-pdo_mysql php74-pcntl php74-json php74-iconv php74-gd php74-mbstring php74-pear-Crypt_GPG
 sudo cp /usr/share/examples/openssl/openssl.cnf /etc/openssl/
 sudo mozilla-rootcerts install
 sudo cp /usr/pkg/share/examples/rc.d/apache /etc/rc.d/
 echo apache=yes |sudo tee /etc/rc.conf.d/apache
 ```
 #### misp user
 ```bash
 sudo useradd -m -s /usr/pkg/bin/bash -G wheel,www misp
 ```
 #### Install X11R7 post-install
 ```bash
 cd /tmp
-wget https://ftp.netbsd.org/pub/NetBSD/NetBSD-8.1/amd64/binary/sets/xbase.tgz
+wget https://ftp.netbsd.org/pub/NetBSD/NetBSD-9.0/amd64/binary/sets/xbase.tgz
 sudo tar -C / -xzphf xbase.tgz
 rm xbase.tgz
 ```
@ -129,16 +132,16 @@ OPENSSL_EMAILADDRESS='info@localhost'
 ```
 ```bash
-sudo openssl req -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/openssl/private/server.key -out /usr/pkg/etc/httpd/server.crt
+sudo openssl req -sha256 -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/openssl/private/server.key -out /usr/pkg/etc/httpd/server.crt
 ```
 #### Install Python virtualenv
 ```bash
-sudo ln -sf /usr/pkg/bin/pip3.6 /usr/pkg/bin/pip
+sudo ln -sf /usr/pkg/bin/pip3.7 /usr/pkg/bin/pip
-sudo ln -s /usr/pkg/bin/python3.6 /usr/pkg/bin/python
+sudo ln -s /usr/pkg/bin/python3.7 /usr/pkg/bin/python
-sudo ln -s /usr/pkg/bin/python3.6 /usr/pkg/bin/python3
+sudo ln -s /usr/pkg/bin/python3.7 /usr/pkg/bin/python3
-sudo pkgin install py36-virtualenv
+sudo pkgin -y install py37-virtualenv
-sudo ln -s /usr/pkg/bin/virtualenv-3.6 /usr/pkg/bin/virtualenv
+sudo ln -s /usr/pkg/bin/virtualenv-3.7 /usr/pkg/bin/virtualenv
 ```
 #### Install ssdeep
@ -146,11 +149,11 @@ sudo ln -s /usr/pkg/bin/virtualenv-3.6 /usr/pkg/bin/virtualenv
 sudo mkdir -p /usr/local/src
 sudo chown misp:users /usr/local/src
 cd /usr/local/src
-git clone https://github.com/ssdeep-project/ssdeep.git
+sudo -u misp git clone https://github.com/ssdeep-project/ssdeep.git
 cd ssdeep
-./bootstrap
+sudo -u misp ./bootstrap
-./configure --prefix=/usr
+sudo -u misp ./configure --prefix=/usr
-make
+sudo -u misp make
 sudo make install
 ```
@ -167,10 +170,8 @@ sudo /etc/rc.d/redis start
 #### Enable mysqld
 ```bash
 sudo /usr/pkg/bin/mysql_install_db
 sudo cp /usr/pkg/share/examples/rc.d/mysqld /etc/rc.d/
 echo mysqld=yes |sudo tee /etc/rc.conf.d/mysqld
 sudo chown -R mariadb:mariadb /var/mariadb
 sudo /etc/rc.d/mysqld start
 sudo /usr/pkg/bin/mysql_secure_installation
 # TODO: Figure out how to properly bind to localhost
@ -186,15 +187,15 @@ sudo mkdir $PATH_TO_MISP
 sudo chown www:www $PATH_TO_MISP
 cd $PATH_TO_MISP
 sudo -u www git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
-sudo -u www git submodule update --init --recursive
+sudo -u www git submodule update --progress --init --recursive
 # Make git ignore filesystem permission differences for submodules
 sudo -u www git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
 sudo -u www git config core.filemode false
-#sudo pkgin install py-pip py3-pip libxslt py3-jsonschema
+#sudo pkgin -y install py-pip py3-pip libxslt py3-jsonschema
-sudo pkgin install libxslt
+sudo pkgin -y install libxslt
 #sudo virtualenv -ppython3 /usr/local/virtualenvs/MISP
 sudo -u www virtualenv -ppython3 $PATH_TO_MISP/venv
 sudo -u www HOME=/tmp $PATH_TO_MISP/venv/bin/pip install -U pip
@ -462,7 +463,7 @@ sudo -u www bash $PATH_TO_MISP/app/Console/worker/start.sh
 #### MISP Modules
 ```
 #/usr/pkgsrc/graphics/opencv2/ (needs X11)
-sudo pkgin install jpeg yara
+sudo pkgin -y install jpeg yara
 cd /usr/local/src/
 git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
@ -645,7 +646,7 @@ sudo -u www $CAKE Admin setSetting "Session.cookie_timeout" 3600
 #### ZeroMQ depends on the Python client for Redis
 ```bash
-sudo pkgin install zeromq
+sudo pkgin -y install zeromq
 sudo -u www HOME=/tmp $PATH_TO_MISP/venv/bin/pip install pyzmq
 ```
--- a/docs/xINSTALL.OpenBSD.md
+++ b/docs/xINSTALL.OpenBSD.md
@ -1,5 +1,5 @@
 # INSTALLATION INSTRUCTIONS
-## for OpenBSD 6.5-amd64
+## for OpenBSD 6.7-amd64
 !!! warning
    This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
@ -85,29 +85,19 @@ doas pkg_add -v mariadb-server
 #### Install misc dependencies
 !!! notice
    You need to install python 3.x when asked, option 2.
    autoconf wants to be version 2.69, option 16
    automake wants to be version 1.16, option 7
 ```bash
-doas pkg_add -v curl git python redis libmagic autoconf automake libtool unzip
+doas pkg_add -v curl git python--%3.7 redis libmagic autoconf--%2.69 automake--%1.16 libtool unzip--iconv
 ```
 !!! notice
    GnuPG 2.x is best, option 3.
 ```bash
-doas pkg_add -v gnupg
+doas pkg_add -v gnupg--%gnupg2
 doas ln -s /usr/local/bin/gpg2 /usr/local/bin/gpg
 ```
 #### Install postfix (optional)
 !!! notice
    When asked, the standard postfix will be enough for a basic setup, option 9.
 ```bash
-doas pkg_add -v postfix
+doas pkg_add -v postfix--%stable
 doas /usr/local/sbin/postfix-enable 
 ```
@ -146,21 +136,17 @@ doas cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config
 ```
 ```
-# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
+# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
 #
 # Macros
 #
-ext4_addr="*"
+ext_addr="*"
 ext6_addr="::"
 server "default" {
        #listen on $ext4_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
-        listen on $ext4_addr port 80
+        listen on $ext_addr port 80
-        listen on $ext4_addr tls port 443
+        listen on $ext_addr tls port 443
        #listen on $ext6_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
        listen on $ext6_addr port 80
        listen on $ext6_addr tls port 443
        root "/htdocs/MISP/app/webroot"
@ -242,11 +228,11 @@ doas rcctl enable httpd
 #### Install Python virtualenv
 ```bash
-doas ln -sf /usr/local/bin/pip3.6 /usr/local/bin/pip
+doas pkg_add -v py3-virtualenv py3-pip
-doas ln -s /usr/local/bin/python3.6 /usr/local/bin/python
+doas ln -sf /usr/local/bin/pip3.7 /usr/local/bin/pip
-doas pkg_add -v py-virtualenv
+doas ln -s /usr/local/bin/python3.7 /usr/local/bin/python
 doas mkdir /usr/local/virtualenvs
-doas virtualenv -ppython3 /usr/local/virtualenvs/MISP
+doas virtualenv-3 /usr/local/virtualenvs/MISP
 ```
 #### Install ssdeep
@ -264,44 +250,42 @@ doas pkg_add -v fcgi-cgi fcgi
 !!! notice
    php-5.6 is marked as end-of-life starting December 2018, use php 7.0 instead.
    Option 2.
-    If on OpenBSD 6.3, upgrade to 6.5 to make your life much easier.
+    If on OpenBSD 6.3, upgrade to 6.7 to make your life much easier.
 ```
-doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl73-redis php-gd
+doas pkg_add -v php-mysqli--%7.4 php-pcntl--%7.4 php-pdo_mysql--%7.4 php-apache--%7.4 pecl74-redis php-gd--%7.4
 ```
-#### /etc/php-7.3.ini 
+#### /etc/php-7.4.ini 
 ```
-## TODO: sed foo as .ini exists
+doas sed -i "s/^allow_url_fopen = Off/allow_url_fopen = On/g" /etc/php-7.4.ini
 allow_url_fopen = On
 ```
 ```bash
-cd /etc/php-7.3
+cd /etc/php-7.4
-doas cp ../php-7.3.sample/* .
+doas cp ../php-7.4.sample/* .
 ```
 #### php symlinks
 ```bash
-doas ln -s /usr/local/bin/php-7.3 /usr/local/bin/php
+doas ln -s /usr/local/bin/php-7.4 /usr/local/bin/php
-doas ln -s /usr/local/bin/phpize-7.3 /usr/local/bin/phpize
+doas ln -s /usr/local/bin/phpize-7.4 /usr/local/bin/phpize
-doas ln -s /usr/local/bin/php-config-7.3 /usr/local/bin/php-config
+doas ln -s /usr/local/bin/php-config-7.4 /usr/local/bin/php-config
 ```
 #### Enable php fpm 
 ```bash
-doas rcctl enable php73_fpm
+doas rcctl enable php74_fpm
 ```
 #### Configure fpm
 ```
 doas vi /etc/php-fpm.conf
-# pid = /var/www/run/php-fpm.pid
+doas sed -i "s/^;pid = run\/php-fpm.pid/pid = \/var\/www\/run\/php-fpm.pid/g" /etc/php-fpm.conf
-# error_log = /var/www/logs/php-fpm.log
+doas sed -i "s/^;error_log = log\/php-fpm.log/error_log = \/var\/www\/logs\/php-fpm.log/g" /etc/php-fpm.conf
-doas mkdir /etc/php-fpm.d
+doas mkdir -p /etc/php-fpm.d
 doas vi /etc/php-fpm.d/default.conf
 echo ";;;;;;;;;;;;;;;;;;;;
 ; Pool Definitions ;
 ;;;;;;;;;;;;;;;;;;;;
@ -320,7 +304,7 @@ pm.min_spare_servers = 1
 pm.max_spare_servers = 3
 chroot = /var/www" | doas tee /etc/php-fpm.d/default.conf
-doas /etc/rc.d/php73_fpm start 
+doas /etc/rc.d/php74_fpm start 
 ```
 !!! notice
@ -339,6 +323,7 @@ doas /usr/local/bin/mysql_install_db
 doas rcctl set mysqld status on
 doas rcctl set mysqld flags --bind-address=127.0.0.1
 doas /etc/rc.d/mysqld start
 echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
 doas mysql_secure_installation
 ```
@ -349,22 +334,22 @@ doas mysql_secure_installation
 doas mkdir /var/www/htdocs/MISP
 doas chown www:www /var/www/htdocs/MISP
 cd /var/www/htdocs/MISP
-doas -u www git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP; done
-doas -u www git submodule update --init --recursive
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git submodule update --progress --init --recursive; done
 # Make git ignore filesystem permission differences for submodules
-doas -u www git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
-doas -u www git config core.filemode false
+${SUDO_WWW} git config core.filemode false
-doas pkg_add py-pip py3-pip libxml libxslt py3-jsonschema
+doas pkg_add -v py3-pip libxml libxslt py3-jsonschema
 doas /usr/local/virtualenvs/MISP/bin/pip install -U pip
 cd /var/www/htdocs/MISP/app/files/scripts
-doas -u www git clone https://github.com/CybOXProject/mixbox.git
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git; done
-doas -u www git clone https://github.com/CybOXProject/python-cybox.git
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git; done
-doas -u www git clone https://github.com/STIXProject/python-stix.git
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git; done
-doas -u www git clone https://github.com/MAECProject/python-maec.git
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git; done
 cd /var/www/htdocs/MISP/app/files/scripts/python-cybox
 doas /usr/local/virtualenvs/MISP/bin/python setup.py install
@ -399,15 +384,10 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/kbandla/
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
 cd /var/www/htdocs/MISP/app
 doas mkdir /var/www/.composer ; doas chown www:www /var/www/.composer
-#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
+${SUDO_WWW} env HOME=/var/www php composer.phar install
 #doas -u www php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
 #doas -u www php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
 #doas -u www env HOME=/var/www php composer-setup.php
 #doas -u www php -r "unlink('composer-setup.php');"
 doas -u www env HOME=/var/www php composer.phar install
 # To use the scheduler worker for scheduled tasks, do the following:
-doas -u www cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
 ```
 ### 4/ Set the permissions
@ -429,8 +409,11 @@ doas mysql -u root -p
 ```
 ```
 echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
 echo "User  (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
 MariaDB [(none)]> create database misp;
-MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
+MariaDB [(none)]> grant usage on *.* to misp@localhost identified by '${DBPASSWORD_MISP}';
 MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
 MariaDB [(none)]> flush privileges;
 MariaDB [(none)]> exit
@ -438,7 +421,7 @@ MariaDB [(none)]> exit
 ```bash
 # Import the empty MISP database from MYSQL.sql
-doas -u www sh -c "mysql -u misp -p misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
+${SUDO_WWW} sh -c "mysql -u misp -p${DBPASSWORD_MISP} misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
 # enter the password you set previously
 ```
@ -525,7 +508,7 @@ DirectoryIndex index.php
 ```
 ```bash
-doas ln -sf /var/www/conf/modules.sample/php-7.3.conf /var/www/conf/modules/php.conf
+doas ln -sf /var/www/conf/modules.sample/php-7.4.conf /var/www/conf/modules/php.conf
 # Restart apache
 doas /etc/rc.d/apache2 restart
 ``` 
@ -539,13 +522,13 @@ doas /etc/rc.d/apache2 restart
 ---------------------
 ``` 
 # There are 4 sample configuration files in /var/www/htdocs/MISP/app/Config that need to be copied
-doas -u www cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
-doas -u www cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
+${SUDO_WWW} cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
 # Configure the fields in the newly created files:
-doas -u www vi /var/www/htdocs/MISP/app/Config/database.php
+${SUDO_WWW} vi /var/www/htdocs/MISP/app/Config/database.php
 ``` 
 ``` 
 # DATABASE_CONFIG has to be filled
@ -574,7 +557,7 @@ doas -u www vi /var/www/htdocs/MISP/app/Config/database.php
 ``` 
 # Change base url in config.php
-doas -u www vi /var/www/htdocs/MISP/app/Config/config.php
+${SUDO_WWW} vi /var/www/htdocs/MISP/app/Config/config.php
 # example: 'baseurl' => 'https://<your.FQDN.here>',
 # alternatively, you can leave this field empty if you would like to use relative pathing in MISP
 # 'baseurl' => '',
@ -601,7 +584,7 @@ echo "%echo Generating a default key
    # Do a commit here, so that we can later print "done"
    %commit
 %echo done" > /tmp/gen-key-script
-doas -u www mkdir /var/www/htdocs/MISP/.gnupg
+${SUDO_WWW} mkdir /var/www/htdocs/MISP/.gnupg
 doas chmod 700 /var/www/htdocs/MISP/.gnupg
 doas gpg2 --homedir /var/www/htdocs/MISP/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
@ -613,7 +596,7 @@ doas sh -c "gpg2 --homedir /var/www/htdocs/MISP/.gnupg --export --armor $GPG_EMA
 doas chmod +x /var/www/htdocs/MISP/app/Console/worker/start.sh
 doas vi /etc/rc.local
 # Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
-doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
+${SUDO_WWW} bash /var/www/htdocs/MISP/app/Console/worker/start.sh
 ``` 
 {!generic/INSTALL.done.md!}
@ -623,7 +606,9 @@ doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
 #### MISP Modules
 ```
 doas pkg_add -v jpeg yara
 mkdir -p /usr/local/src/
 cd /usr/local/src/
 doas chown ${MISP_USER} /usr/local/src
 doas -u misp git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip3 install
@ -633,8 +618,8 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/VirusTot
 doas /usr/local/virtualenvs/MISP/bin/pip install wand
 ##doas gem install pygments.rb
 ##doas gem install asciidoctor-pdf --pre
-doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &
+${SUDO_WWW} /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &
-echo "doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &" |doas tee -a /etc/rc.local
+echo "${SUDO_WWW} /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &" |doas tee -a /etc/rc.local
 ```
 !!! notice
@ -652,7 +637,11 @@ echo "doas -u www /usr/local/virtualenvs/MISP/bin/misp-modules -l 0.0.0.0 -s &"
 ```bash
 doas $CAKE Live $MISP_LIVE
-AUTH_KEY=$(mysql -u misp -p misp -e "SELECT authkey FROM users;" | tail -1)
+AUTH_KEY=$(mysql -u misp -p${DBPASSWORD_MISP} misp -e "SELECT authkey FROM users;" | tail -1)
 $CAKE userInit -q
 $CAKE Admin runUpdates
 $CAKE Admin setSetting "MISP.python_bin" "/usr/local/virtualenvs/MISP/bin/python"
 # Update the galaxies…
 doas $CAKE Admin updateGalaxies
@ -663,12 +652,10 @@ doas $CAKE Admin updateTaxonomies
 doas $CAKE Admin updateWarningLists
 # Updating the notice lists…
-## doas $CAKE Admin updateNoticeLists
+doas $CAKE Admin updateNoticeLists
 curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
 # Updating the object templates…
-##doas $CAKE Admin updateObjectTemplates
+doas $CAKE Admin updateObjectTemplates "1337"
 curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
 # Tune global time outs
 doas $CAKE Admin setSetting "Session.autoRegenerate" 0
@ -677,7 +664,7 @@ doas $CAKE Admin setSetting "Session.cookie_timeout" 3600
 # Enable GnuPG
 doas $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
-doas $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
+doas $CAKE Admin setSetting "GnuPG.homedir" "${PATH_TO_MISP}/.gnupg"
 doas $CAKE Admin setSetting "GnuPG.password" "Password1234"
 # Enable Enrichment set better timeouts
@ -852,7 +839,7 @@ doas /usr/local/virtualenvs/MISP/bin/pip install pyzmq
 cd /var/www
 doas mkdir misp-dashboard
 doas chown www:www misp-dashboard
-doas -u www git clone https://github.com/MISP/misp-dashboard.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git
 cd misp-dashboard
 #/!\ Made on Linux, the next script will fail
 #doas /var/www/misp-dashboard/install_dependencies.sh
@ -860,7 +847,7 @@ doas virtualenv -ppython3 /usr/local/virtualenvs/DASHENV
 doas /usr/local/virtualenvs/DASHENV/bin/pip install -U pip argparse redis zmq geoip2 flask phonenumbers pycountry
 doas sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
-doas sed -i -e '$i \doas -u www bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
+doas sed -i -e '$i \${SUDO_WWW} bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
 #/!\ Add port 8001 as a listener
 #doas sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
 doas pkg_add -v ap2-mod_wsgi
@ -906,7 +893,7 @@ echo "<VirtualHost *:8001>
 doas ln -s /etc/apache2/sites-available/misp-dashboard.conf /etc/apache2/sites-enabled/misp-dashboard.conf
 ```
-Add this to /etc/httpd2.conf
+Add this to /etc/httpd.conf
 ```
 LoadModule wsgi_module /usr/local/lib/apache2/mod_wsgi.so
 Listen 8001
--- a/docs/xINSTALL.centos6.md
+++ b/docs/xINSTALL.centos6.md
@ -129,62 +129,62 @@ sudo service redis start
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
+sudo mkdir ${PATH_TO_MISP}
-sudo chown apache:apache $PATH_TO_MISP
+sudo chown apache:apache ${PATH_TO_MISP}
 cd /var/www
-$SUDO_WWW git clone https://github.com/MISP/MISP.git
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git
-cd $PATH_TO_MISP
+cd ${PATH_TO_MISP}
-##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+##${SUDO_WWW} git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
 # (you only have to create a new branch, if you want to change stuff and do a pull request for example)
 # Fetch submodules
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Create a python3 virtualenv
-$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
+${SUDO_WWW} $RUN_PYTHON "virtualenv -p python3 ${PATH_TO_MISP}/venv"
 sudo mkdir /var/www/.cache
 sudo chown apache:apache /var/www/.cache
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U pip setuptools
 # install Mitre's STIX and its dependencies by running the following commands:
 sudo yum install python-importlib python-lxml python-dateutil python-six -y
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
 UMASK=$(umask)
 umask 0022
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install maec
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U maec
 # install zmq
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U zmq
 # install redis
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U redis
 # lief needs manual compilation
 sudo yum install devtoolset-7 cmake3 -y
 sudo yum install http://opensource.wandisco.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm
 sudo yum install git -y
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
-$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
+${SUDO_WWW} git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
 # TODO: Fix static path with PATH_TO_MISP
-cd $PATH_TO_MISP/app/files/scripts/lief
+cd ${PATH_TO_MISP}/app/files/scripts/lief
-$SUDO_WWW mkdir build
+${SUDO_WWW} mkdir build
 cd build
-$SUDO_WWW scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
+${SUDO_WWW} scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
 -DLIEF_PYTHON_API=on \
 -DLIEF_DOC=off \
 -DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
@ -192,30 +192,30 @@ $SUDO_WWW scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
 -DPYTHON_VERSION=3.6 \
 -DPYTHON_EXECUTABLE=/var/www/MISP/venv/bin/python \
 .."'
-$SUDO_WWW make -j3
+${SUDO_WWW} make -j3
 sudo make install
 cd api/python/lief_pybind11-prefix/src/lief_pybind11
-$SUDO_WWW $PATH_TO_MISP/venv/bin/python setup.py install
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/python setup.py install
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 # install magic, pydeep
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U python-magic
 ## pydeep does not compile ):
 ## git+https://github.com/kbandla/pydeep.git
 # install mixbox to accommodate the new STIX dependencies:
-cd $PATH_TO_MISP/app/files/scripts/
+cd ${PATH_TO_MISP}/app/files/scripts/
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
-cd $PATH_TO_MISP/cti-python-stix2
+cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 # BROKEN: This needs to be tested on RHEL/CentOS
@ -254,17 +254,17 @@ sudo service rh-php70-php-fpm restart
 #### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
 #### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
 ```bash
-sudo chown -R apache:apache $PATH_TO_MISP
+sudo chown -R apache:apache ${PATH_TO_MISP}
 sudo mkdir /var/www/.composer/
 sudo chown apache:apache /var/www/.composer/
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Update composer.phar (optional)
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW $RUN_PHP "php composer-setup.php"
+#${SUDO_WWW} $RUN_PHP "php composer-setup.php"
-#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "unlink('composer-setup.php');"
-$SUDO_WWW $RUN_PHP "php composer.phar install"
+${SUDO_WWW} $RUN_PHP "php composer.phar install"
 sudo yum install php-redis -y
 sudo service rh-php70-php-fpm restart
@ -284,30 +284,30 @@ do
 done
 sudo service rh-php70-php-fpm restart
 # To use the scheduler worker for scheduled tasks, do the following:
-sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 ### 5/ Set the permissions
 ----------------------
 ```bash
 # Make sure the permissions are set correctly using the following commands as root:
-sudo chown -R apache:apache $PATH_TO_MISP
+sudo chown -R apache:apache ${PATH_TO_MISP}
-sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
+sudo find ${PATH_TO_MISP} -type d -exec chmod g=rx {} \;
-sudo chmod -R g+r,o= $PATH_TO_MISP
+sudo chmod -R g+r,o= ${PATH_TO_MISP}
-sudo chmod -R 750 $PATH_TO_MISP
+sudo chmod -R 750 ${PATH_TO_MISP}
-sudo chmod -R g+xws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+xws ${PATH_TO_MISP}/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
-sudo chmod -R g+rw $PATH_TO_MISP/venv
+sudo chmod -R g+rw ${PATH_TO_MISP}/venv
-sudo chmod -R g+rw $PATH_TO_MISP/.git
+sudo chmod -R g+rw ${PATH_TO_MISP}/.git
-sudo chown apache:apache $PATH_TO_MISP/app/files
+sudo chown apache:apache ${PATH_TO_MISP}/app/files
-sudo chown apache:apache $PATH_TO_MISP/app/files/terms
+sudo chown apache:apache ${PATH_TO_MISP}/app/files/terms
-sudo chown apache:apache $PATH_TO_MISP/app/files/scripts/tmp
+sudo chown apache:apache ${PATH_TO_MISP}/app/files/scripts/tmp
-sudo chown apache:apache $PATH_TO_MISP/app/Plugin/CakeResque/tmp
+sudo chown apache:apache ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
-sudo chown -R apache:apache $PATH_TO_MISP/app/Config
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/Config
-sudo chown -R apache:apache $PATH_TO_MISP/app/tmp
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/tmp
-sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/orgs
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/orgs
-sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/custom
+sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/custom
 ```
 ### 6/ Create a database and user
@ -378,7 +378,7 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 #### Import the empty MySQL database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
@ -394,10 +394,10 @@ $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSW
    If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
 ```bash
-# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your apache server with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
-# A sample vhost can be found in $PATH_TO_MISP/INSTALL/old/apache.misp.centos6
+# A sample vhost can be found in ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6
-sudo cp $PATH_TO_MISP/INSTALL/old/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
 # Allow httpd to connect to the redis server and php-fpm over tcp/ip
 sudo setsebool -P httpd_can_network_connect on
@ -427,20 +427,20 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
-sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
+sudo semanage fcontext -a -t httpd_log_t "${PATH_TO_MISP}/app/tmp/logs(/.*)?"
-sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
+sudo chcon -R -t httpd_log_t ${PATH_TO_MISP}/app/tmp/logs
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp/logs
 # Allow logrotate to read /var/www
-sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
+sudo checkmodule -M -m -o /tmp/misplogrotate.mod ${PATH_TO_MISP}/INSTALL/misplogrotate.te
 sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
 sudo semodule -i /tmp/misplogrotate.pp
 ```
@ -448,11 +448,11 @@ sudo semodule -i /tmp/misplogrotate.pp
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 echo "<?php
 class DATABASE_CONFIG {
@ -469,7 +469,7 @@ class DATABASE_CONFIG {
                'prefix' => '',
                'encoding' => 'utf8',
        );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 # Configure the fields in the newly created files:
 # config.php   : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
@ -491,14 +491,14 @@ class DATABASE_CONFIG {
 #   );
 #}
-# Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php
+# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
 # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
 # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
 # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
 # If you want to be able to change configuration parameters from the webinterface:
-sudo chown apache:apache $PATH_TO_MISP/app/Config/config.php
+sudo chown apache:apache ${PATH_TO_MISP}/app/Config/config.php
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config/config.php
 # Generate a GPG encryption key.
 cat >/tmp/gen-key-script <<EOF
@ -516,17 +516,17 @@ cat >/tmp/gen-key-script <<EOF
    %echo done
 EOF
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 sudo rm -f /tmp/gen-key-script
-sudo chown -R apache:apache $PATH_TO_MISP/.gnupg
+sudo chown -R apache:apache ${PATH_TO_MISP}/.gnupg
 # And export the public key to the webroot
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee ${PATH_TO_MISP}/app/webroot/gpg.asc
-sudo chown apache:apache $PATH_TO_MISP/app/webroot/gpg.asc
+sudo chown apache:apache ${PATH_TO_MISP}/app/webroot/gpg.asc
 # Start the workers to enable background jobs
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
-$SUDO_WWW $RUN_PHP $PATH_TO_MISP/app/Console/worker/start.sh
+${SUDO_WWW} $RUN_PHP ${PATH_TO_MISP}/app/Console/worker/start.sh
 if [ ! -e /etc/rc.local ]
 then
@ -551,21 +551,21 @@ sudo yum install -y openjpeg-devel
 sudo chmod 2777 /usr/local/src
 sudo chown root:users /usr/local/src
 cd /usr/local/src/
-$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip install
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
 # The following fails
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 sudo yum install rubygem-rouge rubygem-asciidoctor -y
 ##sudo gem install asciidoctor-pdf --pre
 # install additional dependencies for extended object generation and extraction
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 # Start misp-modules
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
 # TODO: Fix static path with PATH_TO_MISP
 sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
@ -43,7 +43,7 @@ Make sure you are reading the parsed version of this Document. When in doubt [cl
 # <snippet-begin 0_RHEL_PHP_INI.sh>
 # RHEL/CentOS Specific
 WWW_USER="apache"
-SUDO_WWW="sudo -H -u $WWW_USER"
+SUDO_WWW="sudo -H -u ${WWW_USER}"
 RUN_PHP='/usr/bin/scl enable rh-php72'
 PHP_INI=/etc/opt/rh/rh-php72/php.ini
@ -118,91 +118,91 @@ sudo systemctl enable --now redis.service
 ```bash
 # Download MISP using git in the /var/www/ directory.
 PATH_TO_MISP="/var/www/MISP"
-sudo mkdir -p $(dirname $PATH_TO_MISP)
+sudo mkdir -p $(dirname ${PATH_TO_MISP})
-sudo chown ${WWW_USER}:${WWW_USER} ($dirname $PATH_TO_MISP)
+sudo chown ${WWW_USER}:${WWW_USER} ($dirname ${PATH_TO_MISP})
-cd $(dirname $PATH_TO_MISP)
+cd $(dirname ${PATH_TO_MISP})
-$SUDO_WWW git clone https://github.com/MISP/MISP.git
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git
-cd $PATH_TO_MISP
+cd ${PATH_TO_MISP}
-##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+##${SUDO_WWW} git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
 # (you only have to create a new branch, if you want to change stuff and do a pull request for example)
 # Fetch submodules
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 # Create a python3 virtualenv
 sudo pip3 install virtualenv
-$SUDO_WWW python3 "virtualenv -p python3 $PATH_TO_MISP/venv"
+${SUDO_WWW} python3 "virtualenv -p python3 ${PATH_TO_MISP}/venv"
 sudo mkdir /usr/share/httpd/.cache
 sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.cache
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U pip setuptools
 # install Mitre's STIX and its dependencies by running the following commands:
 ##sudo yum install python-importlib python-lxml python-dateutil python-six -y
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
+${SUDO_WWW} git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
 UMASK=$(umask)
 umask 0022
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install maec
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U maec
 # install zmq
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U zmq
 # install redis
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U redis
 # lief needs manual compilation
 sudo yum install devtoolset-7 cmake3 -y
 # TODO: Fix static path with PATH_TO_MISP
-cd $PATH_TO_MISP/app/files/scripts/lief
+cd ${PATH_TO_MISP}/app/files/scripts/lief
-$SUDO_WWW mkdir build
+${SUDO_WWW} mkdir build
 cd build
-$SUDO_WWW scl enable devtoolset-7 'bash -c "cmake3 \
+${SUDO_WWW} scl enable devtoolset-7 'bash -c "cmake3 \
 -DLIEF_PYTHON_API=on \
 -DLIEF_DOC=off \
 -DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
 -DCMAKE_BUILD_TYPE=Release \
 -DPYTHON_VERSION=3.6 \
-DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \
+-DPYTHON_EXECUTABLE=${PATH_TO_MISP}/venv/bin/python \
 .."'
-$SUDO_WWW make -j3
+${SUDO_WWW} make -j3
 sudo make install
 cd api/python/lief_pybind11-prefix/src/lief_pybind11
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/python setup.py install
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/python setup.py install
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 # install magic, pydeep
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
-cd $PATH_TO_MISP/cti-python-stix2
+cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 # BROKEN: This needs to be tested on RHEL/CentOS
@ -237,17 +237,17 @@ umask $UMASK
 #### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
 #### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
 ```bash
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
 sudo mkdir /usr/share/httpd/.composer
 sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.composer
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Update composer.phar (optional)
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW $RUN_PHP "php composer-setup.php"
+#${SUDO_WWW} $RUN_PHP "php composer-setup.php"
-#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
+#${SUDO_WWW} $RUN_PHP -- php -r "unlink('composer-setup.php');"
-$SUDO_WWW $RUN_PHP "php composer.phar install"
+${SUDO_WWW} $RUN_PHP "php composer.phar install"
 sudo yum install php-redis -y
 sudo systemctl restart rh-php72-php-fpm.service
@ -267,30 +267,30 @@ done
 sudo systemctl restart rh-php72-php-fpm.service
 # To use the scheduler worker for scheduled tasks, do the following:
-sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
 ### 5/ Set the permissions
 ----------------------
 ```bash
 # Make sure the permissions are set correctly using the following commands as root:
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
-sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
+sudo find ${PATH_TO_MISP} -type d -exec chmod g=rx {} \;
-sudo chmod -R g+r,o= $PATH_TO_MISP
+sudo chmod -R g+r,o= ${PATH_TO_MISP}
-sudo chmod -R 750 $PATH_TO_MISP
+sudo chmod -R 750 ${PATH_TO_MISP}
-sudo chmod -R g+xws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+xws ${PATH_TO_MISP}/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
-sudo chmod -R g+rw $PATH_TO_MISP/venv
+sudo chmod -R g+rw ${PATH_TO_MISP}/venv
-sudo chmod -R g+rw $PATH_TO_MISP/.git
+sudo chmod -R g+rw ${PATH_TO_MISP}/.git
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/terms
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files/terms
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/scripts/tmp
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/files/scripts/tmp
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Plugin/CakeResque/tmp
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/tmp
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/tmp
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/orgs
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/img/orgs
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/custom
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/img/custom
 ```
 ### 6/ Create a database and user
@ -360,7 +360,7 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 #### Import the empty MySQL database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
@ -376,10 +376,10 @@ $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSW
    If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
 ```bash
-# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your apache server with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
-# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
+# A sample vhost can be found in ${PATH_TO_MISP}/INSTALL/apache.misp.centos7
-sudo cp $PATH_TO_MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
 sudo rm /etc/httpd/conf.d/ssl.conf
 sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf
 sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf
@ -399,27 +399,27 @@ cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.cr
 sudo systemctl restart httpd.service
 # Since SELinux is enabled, we need to allow httpd to write to certain directories
-sudo chcon -t bin_t $PATH_TO_MISP/venv/bin/*
+sudo chcon -t bin_t ${PATH_TO_MISP}/venv/bin/*
-find $PATH_TO_MISP/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t
+find ${PATH_TO_MISP}/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/terms
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/terms
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/tmp
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/scripts/tmp
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Plugin/CakeResque/tmp
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/cake
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Console/cake
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/worker/*.sh
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Console/worker/*.sh
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*.py
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/*.py
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*/*.py
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/*/*.py
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/lief/build/api/python/lief.so
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/files/scripts/lief/build/api/python/lief.so
-sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry
+sudo chcon -t httpd_sys_script_exec_t ${PATH_TO_MISP}/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry
 # Only run these if you want to be able to update MISP from the web interface
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.git
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/.git
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Lib
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Lib
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/orgs
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/webroot/img/orgs
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/webroot/img/custom
-sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
+sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/files/scripts/mispzmq
 ```
 !!! warning
@ -448,19 +448,19 @@ sudo firewall-cmd --reload
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
-sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
+sudo semanage fcontext -a -t httpd_log_t "${PATH_TO_MISP}/app/tmp/logs(/.*)?"
-sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
+sudo chcon -R -t httpd_log_t ${PATH_TO_MISP}/app/tmp/logs
 # Allow logrotate to read /var/www
-sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
+sudo checkmodule -M -m -o /tmp/misplogrotate.mod ${PATH_TO_MISP}/INSTALL/misplogrotate.te
 sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
 sudo semodule -i /tmp/misplogrotate.pp
 ```
@ -468,11 +468,11 @@ sudo semodule -i /tmp/misplogrotate.pp
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 echo "<?php
 class DATABASE_CONFIG {
@ -489,7 +489,7 @@ class DATABASE_CONFIG {
                'prefix' => '',
                'encoding' => 'utf8',
        );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 # Configure the fields in the newly created files:
 # config.php   : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
@ -511,14 +511,14 @@ class DATABASE_CONFIG {
 #   );
 #}
-# Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php
+# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
 # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
 # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
 # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
 # If you want to be able to change configuration parameters from the webinterface:
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config/config.php
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config/config.php
-sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
+sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config/config.php
 # Generate a GPG encryption key.
 cat >/tmp/gen-key-script <<EOF
@ -536,17 +536,17 @@ cat >/tmp/gen-key-script <<EOF
    %echo done
 EOF
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 sudo rm -f /tmp/gen-key-script
-sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/.gnupg
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/.gnupg
 # And export the public key to the webroot
-sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
+sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee ${PATH_TO_MISP}/app/webroot/gpg.asc
-sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/gpg.asc
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/webroot/gpg.asc
 # Start the workers to enable background jobs
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
-$SUDO_WWW $RUN_PHP $PATH_TO_MISP/app/Console/worker/start.sh
+${SUDO_WWW} $RUN_PHP ${PATH_TO_MISP}/app/Console/worker/start.sh
 if [ ! -e /etc/rc.local ]
 then
@ -556,7 +556,7 @@ then
 fi
 # TODO: Fix static path with PATH_TO_MISP
-sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php72 $PATH_TO_MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
+sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php72 ${PATH_TO_MISP}/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
 # Make sure it will execute
 sudo chmod +x /etc/rc.local
@ -571,23 +571,23 @@ sudo yum install openjpeg-devel -y
 sudo chmod 2777 /usr/local/src
 sudo chown root:users /usr/local/src
 cd /usr/local/src/
-$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
+${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
 # pip install
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
-$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 sudo yum install rubygem-rouge rubygem-asciidoctor -y
 ##sudo gem install asciidoctor-pdf --pre
 # install additional dependencies for extended object generation and extraction
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 # Start misp-modules
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
 # TODO: Fix static path with PATH_TO_MISP
-sudo sed -i -e '$i \sudo -u apache $PATH_TO_MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
+sudo sed -i -e '$i \sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
 ```
 {!generic/misp-dashboard-centos.md!}
--- a/docs/xINSTALL.debian10.md
+++ b/docs/xINSTALL.debian10.md
@ -28,11 +28,11 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
 {!generic/ethX.md!}
-#### Add $MISP_USER to staff and $WWW_USER
+#### Add $MISP_USER to staff and ${WWW_USER}
 ```bash
 sudo adduser $MISP_USER staff
-sudo adduser $MISP_USER $WWW_USER
+sudo adduser $MISP_USER ${WWW_USER}
 ```
 #### Make sure your system is up2date and curl installed
@ -122,45 +122,45 @@ sudo systemctl restart apache2
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
+sudo mkdir ${PATH_TO_MISP}
-sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
-cd $PATH_TO_MISP
+cd ${PATH_TO_MISP}
-$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 # Create a python3 virtualenv
-$SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv
+${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
 # make pip happy
 sudo mkdir /var/www/.cache/
-sudo chown $WWW_USER:$WWW_USER /var/www/.cache
+sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
+${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git
 # install mixbox to accommodate the new STIX dependencies:
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
 cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
 cd /tmp
@ -180,19 +180,19 @@ sudo make install
 sudo ldconfig
 # install pydeep
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 # install lief
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 # install zmq needed by mispzmq
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
 # install python-magic
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
 # install plyara
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```
 ### 4/ CakePHP
@ -206,24 +206,24 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```bash
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Make composer cache happy
-sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
+sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
 # Update composer.phar
-#$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+#${SUDO_WWW} php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+#${SUDO_WWW} php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-#$SUDO_WWW php composer-setup.php
+#${SUDO_WWW} php composer-setup.php
-#$SUDO_WWW php -r "unlink('composer-setup.php');"
+#${SUDO_WWW} php -r "unlink('composer-setup.php');"
-$SUDO_WWW php composer.phar install
+${SUDO_WWW} php composer.phar install
 # The following is potentially not needed, but just here in case of Keyboard/Chair failures
-$SUDO_WWW php composer.phar update
+${SUDO_WWW} php composer.phar update
 # Enable CakeResque with php-redis
 sudo phpenmod redis
 sudo phpenmod gnupg
 # To use the scheduler worker for scheduled tasks, do the following:
-$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
@ -232,11 +232,11 @@ $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin
 ```bash
 # Check if the permissions are set correctly using the following commands:
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
-sudo chmod -R 750 $PATH_TO_MISP
+sudo chmod -R 750 ${PATH_TO_MISP}
-sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 ```
@ -265,16 +265,16 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 #### Import the empty MISP database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 ### 7/ Apache configuration
 -----------------------
 ```bash
-# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
 # If the apache version is 2.4:
-sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
 # Be aware that the configuration files for apache 2.4 and up have changed.
 # The configuration file has to have the .conf extension in the sites-available directory
@ -305,8 +305,8 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 <VirtualHost _default_:443>
        ServerAdmin admin@<your.FQDN.here>
        ServerName <your.FQDN.here>
-        DocumentRoot $PATH_TO_MISP/app/webroot
+        DocumentRoot ${PATH_TO_MISP}/app/webroot
-        <Directory $PATH_TO_MISP/app/webroot>
+        <Directory ${PATH_TO_MISP}/app/webroot>
                Options -Indexes
                AllowOverride all
                Require all granted
@ -349,21 +349,21 @@ sudo systemctl restart apache2
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 ```
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 echo "<?php
@ -381,11 +381,11 @@ class DATABASE_CONFIG {
                'prefix' => '',
                'encoding' => 'utf8',
        );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 # and make sure the file permissions are still OK
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
-sudo chmod -R 750 $PATH_TO_MISP/app/Config
+sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
 # Generate a GPG encryption key.
@ -404,14 +404,14 @@ cat >/tmp/gen-key-script <<EOF
    %echo done
 EOF
-$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 # And export the public key to the webroot
-$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 # To make the background workers start on boot
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
 echo "[Unit]
 Description=MISP background workers
@ -419,9 +419,9 @@ After=mariadb.service redis-server.service
 [Service]
 Type=forking
-User=$WWW_USER
+User=${WWW_USER}
-Group=$WWW_USER
+Group=${WWW_USER}
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
+ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
 Restart=always
 RestartSec=10
@ -440,7 +440,7 @@ fi
 {!generic/MISP_CAKE_init.md!}
 ```bash
-# Add the following lines before the last line (exit 0). Make sure that you replace $WWW_USER with your apache user:
+# Add the following lines before the last line (exit 0). Make sure that you replace ${WWW_USER} with your apache user:
 sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
 sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
 sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
@ -476,7 +476,7 @@ echo "User  (misp) DB Password: $DBPASSWORD_MISP"
 #### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
 ```bash
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
 ```
 #### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
--- a/docs/xINSTALL.debian9.md
+++ b/docs/xINSTALL.debian9.md
@ -12,7 +12,7 @@
    Maintained and tested by @SteveClement on 20190702
 !!! warning
-    This install document is compiles a custom Python 3.7 meaning some things might be unexpected.
+    This install document compiles a custom Python 3.7 meaning some things might be unexpected.
    Debian stretch has Python 3.5 but we need at least python 3.6
@ -32,7 +32,7 @@ PHP_ETC_BASE=/etc/php/7.0
 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
 sudo adduser $MISP_USER staff
-sudo adduser $MISP_USER $WWW_USER
+sudo adduser $MISP_USER ${WWW_USER}
 ```
 {!generic/sudo_etckeeper.md!}
@ -151,45 +151,45 @@ sudo systemctl restart apache2
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-sudo mkdir $PATH_TO_MISP
+sudo mkdir ${PATH_TO_MISP}
-sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
+sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
-cd $PATH_TO_MISP
+cd ${PATH_TO_MISP}
-$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
-$SUDO_WWW git submodule update --init --recursive
+${SUDO_WWW} git submodule update --progress --init --recursive
 # Make git ignore filesystem permission differences for submodules
-$SUDO_WWW git submodule foreach --recursive git config core.filemode false
+${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
 # Make git ignore filesystem permission differences
-$SUDO_WWW git config core.filemode false
+${SUDO_WWW} git config core.filemode false
 # Create a python3 virtualenv
-$SUDO_WWW virtualenv -p ~/opt/python3/bin/python3.7 ${PATH_TO_MISP}/venv
+${SUDO_WWW} virtualenv -p ~/opt/python3/bin/python3.7 ${PATH_TO_MISP}/venv
 # make pip happy
 sudo mkdir /var/www/.cache/
-sudo chown $WWW_USER:$WWW_USER /var/www/.cache
+sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
-$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
-$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
-$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
+${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git
 # install mixbox to accommodate the new STIX dependencies:
-$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install STIX2.0 library to support STIX 2.0 export:
 cd ${PATH_TO_MISP}/cti-python-stix2
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
 # FIXME: Remove libfaup etc once the egg has the library baked-in
 sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
 cd /tmp
@ -209,19 +209,19 @@ sudo make install
 sudo ldconfig
 # install pydeep
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
 # install lief
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
 # install zmq needed by mispzmq
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq redis
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
 # install python-magic
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
 # install plyara
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```
 ### 4/ CakePHP
@ -230,23 +230,23 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
 ```bash
 # Install CakeResque along with its dependencies if you intend to use the built in background jobs:
-cd $PATH_TO_MISP/app
+cd ${PATH_TO_MISP}/app
 # Make composer cache happy
-sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
+sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
 # Update composer.phar
 #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-# $SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+# ${SUDO_WWW} php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-# $SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+# ${SUDO_WWW} php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-# $SUDO_WWW php composer-setup.php
+# ${SUDO_WWW} php composer-setup.php
-# $SUDO_WWW php -r "unlink('composer-setup.php');"
+# ${SUDO_WWW} php -r "unlink('composer-setup.php');"
-$SUDO_WWW php composer.phar install
+${SUDO_WWW} php composer.phar install
 # Enable CakeResque with php-redis
 sudo phpenmod redis
 sudo phpenmod gnupg
 # To use the scheduler worker for scheduled tasks, do the following:
-$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
 ```
@ -255,11 +255,11 @@ $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin
 ```bash
 # Check if the permissions are set correctly using the following commands:
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
-sudo chmod -R 750 $PATH_TO_MISP
+sudo chmod -R 750 ${PATH_TO_MISP}
-sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
-sudo chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
-sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
 ```
@ -288,16 +288,16 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 #### Import the empty MISP database from MYSQL.sql
 ```bash
-$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
 ### 7/ Apache configuration
 -----------------------
 ```bash
-# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
+# Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
 # If the apache version is 2.4:
-sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
+sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
 # Be aware that the configuration files for apache 2.4 and up have changed.
 # The configuration file has to have the .conf extension in the sites-available directory
@ -328,8 +328,8 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 <VirtualHost _default_:443>
        ServerAdmin admin@<your.FQDN.here>
        ServerName <your.FQDN.here>
-        DocumentRoot $PATH_TO_MISP/app/webroot
+        DocumentRoot ${PATH_TO_MISP}/app/webroot
-        <Directory $PATH_TO_MISP/app/webroot>
+        <Directory ${PATH_TO_MISP}/app/webroot>
                Options -Indexes
                AllowOverride all
                Require all granted
@ -372,21 +372,21 @@ sudo systemctl restart apache2
 ### 8/ Log rotation
 ---------------
 ```bash
-# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
+# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
 # To rotate these logs install the supplied logrotate script:
-sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
 sudo chmod 0640 /etc/logrotate.d/misp
 ```
 ### 9/ MISP configuration
 ---------------------
 ```bash
-# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
+# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
-$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
 echo "<?php
@ -404,11 +404,11 @@ class DATABASE_CONFIG {
                'prefix' => '',
                'encoding' => 'utf8',
        );
-}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
 # and make sure the file permissions are still OK
-sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
+sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
-sudo chmod -R 750 $PATH_TO_MISP/app/Config
+sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
 # Generate a GPG encryption key.
@ -427,14 +427,14 @@ cat >/tmp/gen-key-script <<EOF
    %echo done
 EOF
-$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 # And export the public key to the webroot
-$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 # To make the background workers start on boot
-sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
 echo "[Unit]
 Description=MISP background workers
@ -442,9 +442,9 @@ After=mariadb.service redis-server.service
 [Service]
 Type=forking
-User=$WWW_USER
+User=${WWW_USER}
-Group=$WWW_USER
+Group=${WWW_USER}
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
+ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
 Restart=always
 RestartSec=10
@ -463,7 +463,7 @@ fi
 {!generic/MISP_CAKE_init.md!}
 ```bash
-# Add the following lines before the last line (exit 0). Make sure that you replace $WWW_USER with your apache user:
+# Add the following lines before the last line (exit 0). Make sure that you replace ${WWW_USER} with your apache user:
 sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
 sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
 sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
@ -499,7 +499,7 @@ echo "User  (misp) DB Password: $DBPASSWORD_MISP"
 #### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
 ```bash
-$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
+${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
 ```
 #### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
--- a/docs/xINSTALL.tsurugi.md
+++ b/docs/xINSTALL.tsurugi.md
@ -84,7 +84,7 @@ function installMISPonTsurugi() {
  PATH_TO_MISP='/var/www/MISP'
  MISP_BASEURL='https://misp.local'
  MISP_LIVE='1'
-  CAKE="$PATH_TO_MISP/app/Console/cake"
+  CAKE="${PATH_TO_MISP}/app/Console/cake"
  # Database configuration
  DBHOST='localhost'
@ -184,12 +184,12 @@ function installMISPonTsurugi() {
  #update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
  #update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
-  mkdir $PATH_TO_MISP
+  mkdir ${PATH_TO_MISP}
-  chown www-data:www-data $PATH_TO_MISP
+  chown www-data:www-data ${PATH_TO_MISP}
-  cd $PATH_TO_MISP
+  cd ${PATH_TO_MISP}
-  $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+  ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
-  $SUDO_WWW git config core.filemode false
+  ${SUDO_WWW} git config core.filemode false
  cp -p /etc/lsb-release /etc/lsb-release.tmp
  sudo sed -i 's/TSURUGI/Ubuntu/g' /etc/lsb-release
@ -198,45 +198,45 @@ function installMISPonTsurugi() {
  sudo apt-get update
  sudo apt-get install python3.6 python3.6-dev -y
  mv /etc/lsb-release.tmp /etc/lsb-release
-  $SUDO_WWW virtualenv -p python3.6 $PATH_TO_MISP/venv
+  ${SUDO_WWW} virtualenv -p python3.6 ${PATH_TO_MISP}/venv
-  cd $PATH_TO_MISP/app/files/scripts
+  cd ${PATH_TO_MISP}/app/files/scripts
-  $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+  ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
-  $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+  ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
-  $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+  ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
  mkdir /var/www/.cache
  chown www-data:www-data /var/www/.cache
-  cd $PATH_TO_MISP/app/files/scripts/python-stix
+  cd ${PATH_TO_MISP}/app/files/scripts/python-stix
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-  cd $PATH_TO_MISP/app/files/scripts/python-cybox
+  cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-  cd $PATH_TO_MISP/app/files/scripts/mixbox
+  cd ${PATH_TO_MISP}/app/files/scripts/mixbox
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-  cd $PATH_TO_MISP
+  cd ${PATH_TO_MISP}
-  $SUDO_WWW git submodule update --init --recursive
+  ${SUDO_WWW} git submodule update --init --recursive
  # Make git ignore filesystem permission differences for submodules
-  $SUDO_WWW git submodule foreach --recursive git config core.filemode false
+  ${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
  # install PyMISP
-  cd $PATH_TO_MISP/PyMISP
+  cd ${PATH_TO_MISP}/PyMISP
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
-  cd $PATH_TO_MISP/app
+  cd ${PATH_TO_MISP}/app
  mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
-  $SUDO_WWW php composer.phar install
+  ${SUDO_WWW} php composer.phar install
-  $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+  ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
-  chown -R www-data:www-data $PATH_TO_MISP
+  chown -R www-data:www-data ${PATH_TO_MISP}
-  chmod -R 750 $PATH_TO_MISP
+  chmod -R 750 ${PATH_TO_MISP}
-  chmod -R g+ws $PATH_TO_MISP/app/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/tmp
-  chmod -R g+ws $PATH_TO_MISP/app/files
+  chmod -R g+ws ${PATH_TO_MISP}/app/files
-  chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
  if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
    echo "
@ -269,7 +269,7 @@ function installMISPonTsurugi() {
    update-rc.d apache2 enable
    update-rc.d redis-server enable
-    $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+    ${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
    echo "<?php
  class DATABASE_CONFIG {
@ -286,7 +286,7 @@ function installMISPonTsurugi() {
                  'prefix' => '',
                  'encoding' => 'utf8',
          );
-  }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+  }" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
  else
    echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
    echo "Skipping any creations…"
@ -307,9 +307,9 @@ function installMISPonTsurugi() {
  cd /var/www
  mkdir misp-dashboard
  chown www-data:www-data misp-dashboard
-  $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
+  ${SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git
  cd misp-dashboard
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install zmq redis
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
  /var/www/misp-dashboard/install_dependencies.sh
  sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
  sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
@ -319,7 +319,7 @@ function installMISPonTsurugi() {
  sed -i -e '$i \    echo "Updating ${d}"\n' /etc/rc.local
  sed -i -e '$i \    cd $d && sudo git pull &\n' /etc/rc.local
  sed -i -e '$i \done\n' /etc/rc.local
-  $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
+  ${SUDO_WWW} bash /var/www/misp-dashboard/start_all.sh
  apt install libapache2-mod-wsgi-py3 -y
@ -338,9 +338,9 @@ function installMISPonTsurugi() {
  <VirtualHost _default_:443>
          ServerAdmin admin@localhost.lu
          ServerName misp.local
-          DocumentRoot $PATH_TO_MISP/app/webroot
+          DocumentRoot ${PATH_TO_MISP}/app/webroot
-          <Directory $PATH_TO_MISP/app/webroot>
+          <Directory ${PATH_TO_MISP}/app/webroot>
                  Options -Indexes
                  AllowOverride all
  		            Require all granted
@ -413,15 +413,15 @@ function installMISPonTsurugi() {
  systemctl restart apache2
-  cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+  cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
  chmod 0640 /etc/logrotate.d/misp
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
-  $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
-  chown -R www-data:www-data $PATH_TO_MISP/app/Config
+  chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
-  chmod -R 750 $PATH_TO_MISP/app/Config
+  chmod -R 750 ${PATH_TO_MISP}/app/Config
  $CAKE Live $MISP_LIVE
  $CAKE Baseurl $MISP_BASEURL
@ -438,11 +438,11 @@ function installMISPonTsurugi() {
      %commit
  %echo done" > /tmp/gen-key-script
-  $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+  ${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
-  $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+  ${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc
-  chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+  chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
  $CAKE userInit -q
  $CAKE Admin updateDatabase
@ -542,7 +542,7 @@ function installMISPonTsurugi() {
  sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
  sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
  sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local
-  $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
+  ${SUDO_WWW} bash ${PATH_TO_MISP}/app/Console/worker/start.sh
  cd /usr/local/src/
  git clone https://github.com/MISP/misp-modules.git
  cd misp-modules
@ -550,14 +550,14 @@ function installMISPonTsurugi() {
  chown www-data .
  apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I .
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I .
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install maec python-magic wand lief yara-python plyara
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic wand lief yara-python plyara
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install stix2
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install stix2
  gem install pygments.rb
  gem install asciidoctor-pdf --pre
-  $SUDO_WWW $PATH_TO_MISP/venv/bin/misp-modules -l 127.0.0.1 -s &
+  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
  $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
  $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
  $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
@ -603,11 +603,11 @@ function installMISPonTsurugi() {
    sleep 6
  done
-  chown -R www-data:www-data $PATH_TO_MISP
+  chown -R www-data:www-data ${PATH_TO_MISP}
-  chmod -R 750 $PATH_TO_MISP
+  chmod -R 750 ${PATH_TO_MISP}
-  chmod -R g+ws $PATH_TO_MISP/app/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/tmp
-  chmod -R g+ws $PATH_TO_MISP/app/files
+  chmod -R g+ws ${PATH_TO_MISP}/app/files
-  chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+  chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
  cd /usr/local/src/
--- a/docs/xINSTALL.ubuntu1804.with.webmin.md
+++ b/docs/xINSTALL.ubuntu1804.with.webmin.md
@ -173,25 +173,25 @@ git submodule foreach --recursive git config core.filemode false
 # Create a python3 virtualenv
 virtualenv -p python3 ${PATH_TO_MISP}/venv
-cd $PATH_TO_MISP/app/files/scripts
+cd ${PATH_TO_MISP}/app/files/scripts
 git clone https://github.com/CybOXProject/python-cybox.git
 git clone https://github.com/STIXProject/python-stix.git
 git clone https://github.com/MAECProject/python-maec.git
-cd $PATH_TO_MISP/app/files/scripts/python-cybox
+cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
 ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-stix
+cd ${PATH_TO_MISP}/app/files/scripts/python-stix
 ${PATH_TO_MISP}/venv/bin/pip install .
-cd $PATH_TO_MISP/app/files/scripts/python-maec
+cd ${PATH_TO_MISP}/app/files/scripts/python-maec
 ${PATH_TO_MISP}/venv/bin/pip install .
 # install mixbox to accommodate the new STIX dependencies:
-cd $PATH_TO_MISP/app/files/scripts/
+cd ${PATH_TO_MISP}/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
-cd $PATH_TO_MISP/app/files/scripts/mixbox
+cd ${PATH_TO_MISP}/app/files/scripts/mixbox
 ${PATH_TO_MISP}/venv/bin/pip install .
 # install PyMISP
-cd $PATH_TO_MISP/PyMISP
+cd ${PATH_TO_MISP}/PyMISP
 ${PATH_TO_MISP}/venv/bin/pip install .
 ```
@ -243,7 +243,7 @@ flush privileges;
 exit
 # Import the empty MISP database from MYSQL.sql
-sudo -u ${VIRT_USER} cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+sudo -u ${VIRT_USER} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
@ -344,11 +344,11 @@ cat >/tmp/gen-key-script <<EOF
    %echo done
 EOF
-gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
 # The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
 # And export the public key to the webroot
-sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | tee $PATH_TO_MISP/app/webroot/gpg.asc
+sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | tee ${PATH_TO_MISP}/app/webroot/gpg.asc
 # If you get no satisfaction with your entropy install this:
 sudo apt-get install haveged pv
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -38,8 +38,7 @@ theme:
 markdown_extensions:
  - markdown_include.include:
      base_path: docs
-  # mkdcomments is buggy atm, see: https://github.com/ryneeverett/python-markdown-comments/issues/3
+  - mkdcomments
  #- mkdcomments
  - markdown.extensions.admonition
  - markdown.extensions.codehilite:
      guess_lang: false
@ -75,12 +74,10 @@ nav:
      - 'RHEL8/CentOS8': 'INSTALL.rhel8.md'
    - xInstall Guides: 
      - 'Warning': 'xINSTALL.md'
      - 'Centos 6': 'xINSTALL.centos6.md'
      - 'Debian 10': 'xINSTALL.debian10.md'
      - 'Debian 9': 'xINSTALL.debian9.md'
      - 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
      - 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
-      - 'OpenBSD 6.6': 'xINSTALL.OpenBSD.md'
+      - 'OpenBSD 6.7': 'xINSTALL.OpenBSD.md'
    - Config Guides:
      - 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
      - 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
@ -90,6 +87,8 @@ nav:
    - Old guides:
      - '2.3 to 2.4 upgrade': 'archive/old-2_3to2_4-UPGRADE.md'
      - 'Ubuntu 16.04': 'archive/INSTALL.ubuntu1604.md'
      - 'Debian 9': 'xINSTALL.debian9.md'
      - 'Centos 6': 'xINSTALL.centos6.md'
      - 'FreeBSD': 'archive/xINSTALL.FreeBSD.md'
    - About:
      - 'MISP Release Notes': 'Changelog.md'
		`@ -1 +1 @@`
			`Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3`				`Subproject commit 59e12788fc406ee66180f41e8a2840b841c6051a`
`@ -1 +1 @@`
	`<span id = "<?php echo $type?>InfoPopover" class="icon-info-sign" data-toggle="popover" data-field="<?php echo $type; ?>"></span>`	`<span id="<?php echo $type?>InfoPopover" class="fas fa-info-circle" data-toggle="popover" data-field="<?php echo $type; ?>"></span>`
		`@ -1 +1 @@`
			`Subproject commit dee9a564606ba92c50f13b53884bceaacf6c4522`				`Subproject commit 313003ed655c1c3c06734e7ed3dbb514fa1047eb`