2023-09-28 09:58:46 +02:00
|
|
|
##
|
|
|
|
# Build-time variables
|
|
|
|
##
|
|
|
|
|
2024-09-02 19:52:51 +02:00
|
|
|
CORE_TAG=v2.4.197
|
|
|
|
MODULES_TAG=v2.4.197
|
2022-09-03 13:59:35 +02:00
|
|
|
PHP_VER=20190902
|
2023-09-12 11:23:20 +02:00
|
|
|
LIBFAUP_COMMIT=3a26d0a
|
2023-08-01 17:59:47 +02:00
|
|
|
|
2023-10-08 14:52:51 +02:00
|
|
|
# PYPY_* vars take precedence over MISP's
|
|
|
|
# PYPI_REDIS_VERSION="==5.0.*"
|
|
|
|
# PYPI_LIEF_VERSION=">=0.13.1"
|
|
|
|
# PYPI_PYDEEP2_VERSION="==0.5.*"
|
|
|
|
# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"
|
|
|
|
# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"
|
|
|
|
# PYPI_MAEC_VERSION="==4.1.*"
|
|
|
|
# PYPI_MIXBOX_VERSION="==1.0.*"
|
|
|
|
# PYPI_CYBOX_VERSION="==2.1.*"
|
2023-11-23 18:42:53 +01:00
|
|
|
# PYPI_PYMISP_VERSION="==2.4.178"
|
2024-08-06 13:37:15 +02:00
|
|
|
# PYPI_MISP_STIX_VERSION"==2.4.194"
|
2023-09-15 12:50:30 +02:00
|
|
|
|
2023-12-08 09:45:49 +01:00
|
|
|
# CORE_COMMIT takes precedence over CORE_TAG
|
|
|
|
# CORE_COMMIT=c56d537
|
2022-09-03 13:59:35 +02:00
|
|
|
# MODULES_COMMIT takes precedence over MODULES_TAG
|
|
|
|
# MODULES_COMMIT=de69ae3
|
|
|
|
|
2023-09-28 09:58:46 +02:00
|
|
|
##
|
|
|
|
# Run-time variables
|
|
|
|
##
|
|
|
|
|
2024-08-24 14:50:19 +02:00
|
|
|
# CORE_RUNNING_TAG=latest
|
|
|
|
# MODULES_RUNNING_TAG=latest
|
|
|
|
|
2023-08-01 17:59:47 +02:00
|
|
|
# Email/username for user #1, defaults to MISP's default (admin@admin.test)
|
2022-09-03 13:59:35 +02:00
|
|
|
ADMIN_EMAIL=
|
2023-08-01 17:59:47 +02:00
|
|
|
# name of org #1, default to MISP's default (ORGNAME)
|
2022-09-03 13:59:35 +02:00
|
|
|
ADMIN_ORG=
|
2023-08-01 17:59:47 +02:00
|
|
|
# defaults to an automatically generated one
|
2022-09-03 13:59:35 +02:00
|
|
|
ADMIN_KEY=
|
2023-08-01 17:59:47 +02:00
|
|
|
# defaults to MISP's default (admin)
|
2023-05-14 17:56:55 +02:00
|
|
|
ADMIN_PASSWORD=
|
2023-08-01 17:59:47 +02:00
|
|
|
# defaults to 'passphrase'
|
2022-09-03 13:59:35 +02:00
|
|
|
GPG_PASSPHRASE=
|
2023-08-01 17:59:47 +02:00
|
|
|
# defaults to 1 (the admin user)
|
2023-05-15 13:13:25 +02:00
|
|
|
CRON_USER_ID=
|
2023-08-01 17:59:47 +02:00
|
|
|
# defaults to 'https://localhost'
|
2023-12-22 11:02:20 +01:00
|
|
|
BASE_URL=
|
2024-06-06 10:30:12 +02:00
|
|
|
# store settings in db except those that must stay in config.php. true/false, defaults to false
|
|
|
|
ENABLE_DB_SETTINGS=
|
2024-08-13 15:23:37 +02:00
|
|
|
# encryption key. defaults to empty string
|
|
|
|
ENCRYPTION_KEY=
|
2024-09-03 13:45:51 +02:00
|
|
|
# enable background updates. defaults to false
|
|
|
|
ENABLE_BACKGROUND_UPDATES=
|
2022-12-06 18:13:23 +01:00
|
|
|
|
2024-06-20 10:01:30 +02:00
|
|
|
# defines the FQDN of the mail sub-system (defaults to 'mail')
|
|
|
|
# SMTP_FQDN=
|
2024-06-20 09:57:30 +02:00
|
|
|
|
2022-12-06 18:13:23 +01:00
|
|
|
# optional and used by the mail sub-system
|
2022-09-03 13:59:35 +02:00
|
|
|
SMARTHOST_ADDRESS=
|
|
|
|
SMARTHOST_PORT=
|
|
|
|
SMARTHOST_USER=
|
|
|
|
SMARTHOST_PASSWORD=
|
|
|
|
SMARTHOST_ALIASES=
|
2022-11-18 00:15:56 +01:00
|
|
|
|
2023-08-01 17:59:47 +02:00
|
|
|
# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
|
|
|
|
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
|
2022-12-06 18:13:23 +01:00
|
|
|
SYNCSERVERS=
|
2023-05-13 15:17:53 +02:00
|
|
|
# note: if you have more than one syncserver, you need to update docker-compose.yml
|
2022-12-06 18:13:23 +01:00
|
|
|
SYNCSERVERS_1_URL=
|
|
|
|
SYNCSERVERS_1_NAME=
|
|
|
|
SYNCSERVERS_1_UUID=
|
|
|
|
SYNCSERVERS_1_KEY=
|
2024-08-06 14:18:32 +02:00
|
|
|
# pull rules are JSON encoded (and escaped) dictionaries
|
|
|
|
# Example: only pull events where the analysis is complete
|
|
|
|
# SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
|
|
|
|
SYNCSERVERS_1_PULL_RULES=
|
2023-08-01 17:59:47 +02:00
|
|
|
|
2023-10-16 11:20:00 +02:00
|
|
|
# optional and used to set mysql db and credentials
|
|
|
|
# MYSQL_HOST=
|
|
|
|
# MYSQL_PORT=
|
|
|
|
# MYSQL_USER=
|
|
|
|
# MYSQL_PASSWORD=
|
|
|
|
# MYSQL_ROOT_PASSWORD=
|
|
|
|
# MYSQL_DATABASE=
|
|
|
|
|
2024-08-13 15:23:45 +02:00
|
|
|
# optional and used to set redis password
|
2024-08-20 21:08:02 +02:00
|
|
|
# REDIS_HOST=
|
|
|
|
# REDIS_PORT=
|
2024-08-13 15:23:45 +02:00
|
|
|
# REDIS_PASSWORD=
|
|
|
|
|
2023-08-01 17:59:47 +02:00
|
|
|
# These variables allows overriding some MISP email values.
|
|
|
|
# They all default to ADMIN_EMAIL.
|
|
|
|
|
|
|
|
# MISP.email, used for notifications. Also used
|
|
|
|
# for GnuPG.email and GPG autogeneration.
|
|
|
|
# MISP_EMAIL=
|
|
|
|
|
|
|
|
# MISP.contact, the e-mail address that
|
|
|
|
# MISP should include as a contact address
|
|
|
|
# for the instance's support team.
|
|
|
|
# MISP_CONTACT=
|
|
|
|
|
|
|
|
# Enable GPG autogeneration (default true)
|
|
|
|
# AUTOCONF_GPG=true
|
|
|
|
|
|
|
|
# Enable admin (user #1) API key autogeneration
|
|
|
|
# if ADMIN_KEY is not set above (default true)
|
|
|
|
# AUTOGEN_ADMIN_KEY=true
|
2023-09-25 22:40:13 +02:00
|
|
|
|
2024-03-01 13:57:53 +01:00
|
|
|
# Disable IPv6 completely
|
2023-09-25 22:40:13 +02:00
|
|
|
# DISABLE_IPV6=true
|
2023-12-11 11:23:04 +01:00
|
|
|
|
2024-03-01 13:57:53 +01:00
|
|
|
# Disable SSL redirect
|
|
|
|
# DISABLE_SSL_REDIRECT=true
|
|
|
|
|
2023-12-11 11:23:04 +01:00
|
|
|
# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
|
|
|
|
# OIDC_ENABLE=true
|
|
|
|
# OIDC_PROVIDER_URL=
|
|
|
|
# OIDC_CLIENT_ID=
|
|
|
|
# OIDC_CLIENT_SECRET=
|
2023-12-11 12:19:49 +01:00
|
|
|
# OIDC_ROLES_PROPERTY="roles"
|
2024-05-09 11:03:55 +02:00
|
|
|
# OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
|
2023-12-11 12:19:49 +01:00
|
|
|
# OIDC_DEFAULT_ORG=
|
2024-02-21 18:04:41 +01:00
|
|
|
|
|
|
|
# Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
|
2024-06-26 15:35:40 +02:00
|
|
|
# NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,
|
|
|
|
# users should not be able to control the HTTP header configured in LDAP_APACHE_ENV
|
|
|
|
# (e.g. REMOTE_USER), this means you must not allow direct access to MISP.
|
|
|
|
# NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word".
|
2024-02-21 18:04:41 +01:00
|
|
|
# LDAP_ENABLE=true
|
|
|
|
# LDAP_APACHE_ENV="REMOTE_USER"
|
|
|
|
# LDAP_SERVER="ldap://your_domain_controller"
|
|
|
|
# LDAP_STARTTLS=true
|
|
|
|
# LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net"
|
2024-06-26 15:35:40 +02:00
|
|
|
# LDAP_READER_PASSWORD="password"
|
2024-02-21 18:04:41 +01:00
|
|
|
# LDAP_DN="OU=Users,DC=domain,DC=net"
|
|
|
|
# LDAP_SEARCH_FILTER=""
|
|
|
|
# LDAP_SEARCH_ATTRIBUTE="uid"
|
|
|
|
# LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]"
|
|
|
|
# LDAP_DEFAULT_ROLE_ID="3"
|
|
|
|
# LDAP_DEFAULT_ORG="1"
|
|
|
|
# LDAP_EMAIL_FIELD="[\"mail\"]"
|
|
|
|
# LDAP_OPT_PROTOCOL_VERSION="3"
|
|
|
|
# LDAP_OPT_NETWORK_TIMEOUT="-1"
|
|
|
|
# LDAP_OPT_REFERRALS=false
|
2024-04-10 17:56:44 +02:00
|
|
|
|
|
|
|
# Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md
|
2024-04-12 20:54:43 +02:00
|
|
|
# AAD_ENABLE=true
|
2024-04-10 17:56:44 +02:00
|
|
|
# AAD_CLIENT_ID=
|
|
|
|
# AAD_TENANT_ID=
|
|
|
|
# AAD_CLIENT_SECRET=
|
|
|
|
# AAD_REDIRECT_URI="https://misp.mydomain.com/users/login"
|
|
|
|
# AAD_PROVIDER="https://login.microsoftonline.com/"
|
|
|
|
# AAD_PROVIDER_USER="https://graph.microsoft.com/"
|
|
|
|
# AAD_MISP_USER="Misp Users"
|
|
|
|
# AAD_MISP_ORGADMIN="Misp Org Admins"
|
|
|
|
# AAD_MISP_SITEADMIN="Misp Site Admins"
|
|
|
|
# AAD_CHECK_GROUPS=false
|
2024-06-06 13:41:12 +02:00
|
|
|
|
|
|
|
# Enable the use of a Proxy server
|
|
|
|
# PROXY_ENABLE=true
|
|
|
|
# PROXY_HOST=
|
|
|
|
# PROXY_PORT=
|
|
|
|
# PROXY_METHOD=
|
|
|
|
# PROXY_USER=
|
|
|
|
# PROXY_PASSWORD=
|
2024-06-11 13:36:39 +02:00
|
|
|
|
|
|
|
# Enable debugging
|
|
|
|
# ALWAYS SET THIS TO 0 IN PRODUCTION
|
|
|
|
# 0 - Debug off (default)
|
|
|
|
# 1 - Debug on
|
|
|
|
# 2 - Debug on + SQL dump
|
|
|
|
# DEBUG=
|
2024-08-24 14:50:19 +02:00
|
|
|
|
|
|
|
# FastCGI configuration
|
|
|
|
# FASTCGI_READ_TIMEOUT=300s
|
|
|
|
# FASTCGI_SEND_TIMEOUT=300s
|
|
|
|
# FASTCGI_CONNECT_TIMEOUT=300s
|
|
|
|
|
|
|
|
# PHP fpm configuration
|
2024-09-02 19:52:51 +02:00
|
|
|
# PHP_MEMORY_LIMIT=2048M
|
2024-08-24 14:50:19 +02:00
|
|
|
# PHP_MAX_EXECUTION_TIME=300
|
|
|
|
# PHP_UPLOAD_MAX_FILESIZE=50M
|
|
|
|
# PHP_POST_MAX_SIZE=50M
|
|
|
|
# PHP_MAX_INPUT_TIME=300
|
2024-08-30 08:51:40 +02:00
|
|
|
|
|
|
|
# MariaSQL/MySQL (InnoDB) configuration
|
|
|
|
# INNODB_BUFFER_POOL_SIZE=2048M
|
|
|
|
# INNODB_CHANGE_BUFFERING=none
|
|
|
|
# INNODB_IO_CAPACITY=1000
|
|
|
|
# INNODB_IO_CAPACITY_MAX=2000
|
|
|
|
# INNODB_LOG_FILE_SIZE=600M
|
|
|
|
# INNODB_READ_IO_THREADS=16
|
|
|
|
# INNODB_STATS_PERSISTENT=ON
|
|
|
|
# INNODB_WRITE_IO_THREADS=4
|
2024-09-12 11:11:15 +02:00
|
|
|
|
|
|
|
# Whether to enable processing of the X-Forwarded-For header (default to false)
|
|
|
|
# NGINX_X_FORWARDED_FOR=true
|
|
|
|
# Comma separated list of trusted IP addresses
|
|
|
|
# NGINX_SET_REAL_IP_FROM=127.0.0.1
|