MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Read hostname and cron user id from environment variables

pull/1/head
Stefano Ortolani 2023-05-15 12:13:25 +01:00
parent 366fb0e6b0
commit 0f158150a0
6 changed files with 75 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@ -51,8 +51,8 @@ services:
# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh' # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
# - "${CUSTOM_PATH}/:/custom/" # - "${CUSTOM_PATH}/:/custom/"
environment: environment:
- "HOSTNAME=https://localhost" - "HOSTNAME=${HOSTNAME}"
- "CRON_USER_ID=1" - "CRON_USER_ID=${CRON_USER_ID}"
# standard settings # standard settings
- "ADMIN_EMAIL=${ADMIN_EMAIL}" - "ADMIN_EMAIL=${ADMIN_EMAIL}"
- "ADMIN_PASSWORD=${ADMIN_PASSWORD}" - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"

4
server/Dockerfile
View File

@ -150,7 +150,7 @@ ARG PHP_VER
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels
# PHP # PHP
# Install ssdeep prebuild, latest composer, then install the app's PHP deps # Install prebuilt libraries, latest composer, then install the app's PHP deps
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/rdkafka.so /usr/lib/php/${PHP_VER}/rdkafka.so COPY --from=php-build /usr/lib/php/${PHP_VER}/rdkafka.so /usr/lib/php/${PHP_VER}/rdkafka.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/brotli.so /usr/lib/php/${PHP_VER}/brotli.so COPY --from=php-build /usr/lib/php/${PHP_VER}/brotli.so /usr/lib/php/${PHP_VER}/brotli.so
@ -159,9 +159,9 @@ ARG PHP_VER
COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor
COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin
RUN for dir in /etc/php/*; do echo "extension=ssdeep.so" > "$dir/mods-available/ssdeep.ini"; done; phpenmod ssdeep
RUN for dir in /etc/php/*; do echo "extension=rdkafka.so" > "$dir/mods-available/rdkafka.ini"; done; phpenmod rdkafka RUN for dir in /etc/php/*; do echo "extension=rdkafka.so" > "$dir/mods-available/rdkafka.ini"; done; phpenmod rdkafka
RUN for dir in /etc/php/*; do echo "extension=brotli.so" > "$dir/mods-available/brotli.ini"; done; phpenmod brotli RUN for dir in /etc/php/*; do echo "extension=brotli.so" > "$dir/mods-available/brotli.ini"; done; phpenmod brotli
RUN for dir in /etc/php/*; do echo "extension=ssdeep.so" > "$dir/mods-available/ssdeep.ini"; done; phpenmod ssdeep
RUN for dir in /etc/php/*; do echo "extension=simdjson.so" > "$dir/mods-available/simdjson.ini"; done; phpenmod simdjson RUN for dir in /etc/php/*; do echo "extension=simdjson.so" > "$dir/mods-available/simdjson.ini"; done; phpenmod simdjson
RUN phpenmod redis RUN phpenmod redis

106
server/files/configure_misp.sh
View File

@ -4,35 +4,35 @@ source /rest_client.sh
[ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test" [ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test"
[ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase" [ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase"
[ -z "$REDIS_FQDN" ] && REDIS_FQDN=redis [ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis"
[ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules" [ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules"
init_configuration(){ init_configuration(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this # Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "... configuring default settings" echo "... configuring default settings"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.redis_host" "$REDIS_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.baseurl" "$HOSTNAME" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.baseurl" "$HOSTNAME"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" $(which python3) sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.python_bin" $(which python3)
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "$REDIS_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_url" "$MISP_MODULES_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Import_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_url" "$MISP_MODULES_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Import_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Export_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_url" "$MISP_MODULES_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Export_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_enable" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Cortex_services_enable" false
} }
init_workers(){ init_workers(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this # Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "... configuring background workers" echo "... configuring background workers"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.enabled" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.enabled" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.supervisor_host" "127.0.0.1" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.supervisor_host" "127.0.0.1"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.supervisor_port" 9001 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.supervisor_port" 9001
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.supervisor_password" "supervisor" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.supervisor_password" "supervisor"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.supervisor_user" "supervisor" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.supervisor_user" "supervisor"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "SimpleBackgroundJobs.redis_host" "$REDIS_FQDN" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "SimpleBackgroundJobs.redis_host" "$REDIS_FQDN"
echo "... starting background workers" echo "... starting background workers"
supervisorctl start misp-workers:* supervisorctl start misp-workers:*
@ -75,24 +75,24 @@ GPGEOF
echo "... found exported key ${GPG_ASC}" echo "... found exported key ${GPG_ASC}"
fi fi
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "GnuPG.email" "${ADMIN_EMAIL}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.email" "${ADMIN_EMAIL}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "GnuPG.homedir" "${GPG_DIR}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.homedir" "${GPG_DIR}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "GnuPG.password" "${GPG_PASSPHRASE}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.password" "${GPG_PASSPHRASE}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "GnuPG.obscure_subject" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.obscure_subject" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "GnuPG.binary" "$(which gpg)" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "GnuPG.binary" "$(which gpg)"
} }
apply_updates() { apply_updates() {
# Disable weird default # Disable weird default
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" false
# Run updates # Run updates
sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates
} }
init_user() { init_user() {
# Create the main user if it is not there already # Create the main user if it is not there already
sudo -u www-data /var/www/MISP/app/Console/cake userInit -q sudo -u www-data /var/www/MISP/app/Console/cake userInit -q 2>&1 > /dev/null
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.email" ${ADMIN_EMAIL} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.email" ${ADMIN_EMAIL}
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD} echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
if [ ! -z "$ADMIN_ORG" ]; then if [ ! -z "$ADMIN_ORG" ]; then
echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD} echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
@ -101,7 +101,7 @@ init_user() {
echo "... setting admin key to '${ADMIN_KEY}'" echo "... setting admin key to '${ADMIN_KEY}'"
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}") CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1 "${ADMIN_KEY}")
else else
echo "... regenerating admin key" echo "... regenerating admin key (set \$ADMIN_KEY if you want it to change)"
CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1) CHANGE_CMD=(sudo -u www-data /var/www/MISP/app/Console/cake User change_authkey 1)
fi fi
ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'` ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
@ -111,11 +111,11 @@ init_user() {
echo "... setting admin password to '${ADMIN_PASSWORD}'" echo "... setting admin password to '${ADMIN_PASSWORD}'"
PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r) PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r)
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value") PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" 1 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" '/.*/' sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
sudo -u www-data /var/www/MISP/app/Console/cake user change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD} sudo -u www-data /var/www/MISP/app/Console/cake User -q change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD}
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" ${PASSWORD_POLICY} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" ${PASSWORD_POLICY}
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" ${PASSWORD_LENGTH} sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" ${PASSWORD_LENGTH}
else else
echo "... leaving admin password as-is" echo "... leaving admin password as-is"
fi fi
@ -123,12 +123,12 @@ init_user() {
} }
apply_critical_fixes() { apply_critical_fixes() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.external_baseurl" "${HOSTNAME}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.external_baseurl" "${HOSTNAME}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.host_org_id" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Action_services_enable" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Action_services_enable" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_hover_enable" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_popover_only" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_hover_popover_only" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.csp_enforce" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.csp_enforce" true
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{ sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"Security\": { \"Security\": {
\"rest_client_baseurl\": \"${HOSTNAME}\" \"rest_client_baseurl\": \"${HOSTNAME}\"
@ -142,19 +142,19 @@ apply_critical_fixes() {
} }
apply_optional_fixes() { apply_optional_fixes() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting --force "MISP.welcome_text_top" "" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q --force "MISP.welcome_text_top" ""
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting --force "MISP.welcome_text_bottom" "" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q --force "MISP.welcome_text_bottom" ""
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.contact" "${ADMIN_EMAIL}" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.contact" "${ADMIN_EMAIL}"
# This is not necessary because we update the DB directly # This is not necessary because we update the DB directly
# sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.org" "${ADMIN_ORG}" # sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.org" "${ADMIN_ORG}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.log_client_ip" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.log_client_ip" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.log_user_ips" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.log_user_ips" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.log_user_ips_authkeys" true sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.log_user_ips_authkeys" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_timeout" 30 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_timeout" 30
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_timeout" 5 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.Enrichment_hover_timeout" 5
} }
update_components() { update_components() {
@ -165,6 +165,7 @@ update_components() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateObjectTemplates "$CRON_USER_ID" sudo -u www-data /var/www/MISP/app/Console/cake Admin updateObjectTemplates "$CRON_USER_ID"
} }
create_sync_servers() { create_sync_servers() {
SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n') SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n')
for ID in $SPLITTED_SYNCSERVERS; do for ID in $SPLITTED_SYNCSERVERS; do
@ -179,14 +180,15 @@ create_sync_servers() {
# Skip sync server if we can # Skip sync server if we can
echo "... searching sync server ${NAME}" echo "... searching sync server ${NAME}"
if get_server ${HOSTNAME} ${ADMIN_KEY} ${NAME}; then SERVER_ID=$(get_server ${HOSTNAME} ${ADMIN_KEY} ${NAME})
echo "... found existing sync server ${NAME}" if [[ -n "$SERVER_ID" ]]; then
echo "... found existing sync server ${NAME} with id ${SERVER_ID}"
continue continue
fi fi
# Validate #2 # Validate #2
UUID=$(echo "${!DATA}" | jq -r '.remote_org_uuid') UUID=$(echo "${!DATA}" | jq -r '.remote_org_uuid')
if [[ -z $UUID ]]; then if [[ -z "$UUID" ]]; then
echo "... error missing sync server remote_org_uuid" echo "... error missing sync server remote_org_uuid"
continue continue
fi fi
@ -194,7 +196,7 @@ create_sync_servers() {
# Get remote organization # Get remote organization
echo "... searching remote organization ${UUID}" echo "... searching remote organization ${UUID}"
ORG_ID=$(get_organization ${HOSTNAME} ${ADMIN_KEY} ${UUID}) ORG_ID=$(get_organization ${HOSTNAME} ${ADMIN_KEY} ${UUID})
if [[ -z $ORG_ID ]]; then if [[ -z "$ORG_ID" ]]; then
# Add remote organization if missing # Add remote organization if missing
echo "... adding missing organization ${UUID}" echo "... adding missing organization ${UUID}"
add_organization ${HOSTNAME} ${ADMIN_KEY} ${NAME} false ${UUID} add_organization ${HOSTNAME} ${ADMIN_KEY} ${NAME} false ${UUID}

2
server/files/entrypoint_cron.sh
View File

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
[ -z "$CRON_USER_ID" ] && CRON_USER_ID=1
term_procs() { term_procs() {
echo "Entrypoint CRON caught SIGTERM signal!" echo "Entrypoint CRON caught SIGTERM signal!"
echo "Killing process $p1_pid" echo "Killing process $p1_pid"

21
server/files/entrypoint_nginx.sh
View File

@ -13,8 +13,9 @@ trap term_proc SIGTERM
[ -z "$MYSQL_USER" ] && MYSQL_USER=misp [ -z "$MYSQL_USER" ] && MYSQL_USER=misp
[ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example [ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example
[ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp [ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp
[ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" [ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
[ -z "$CRON_USER_ID" ] && CRON_USER_ID="1"
[ -z "$HOSTNAME" ] && HOSTNAME="https://localhost"
init_mysql(){ init_mysql(){
# Test when MySQL is ready.... # Test when MySQL is ready....
@ -51,7 +52,7 @@ init_mysql(){
init_misp_data_files(){ init_misp_data_files(){
# Init config (shared with host) # Init config (shared with host)
echo "... initializing configuration files" echo "... initialize configuration files"
MISP_APP_CONFIG_PATH=/var/www/MISP/app/Config MISP_APP_CONFIG_PATH=/var/www/MISP/app/Config
[ -f $MISP_APP_CONFIG_PATH/bootstrap.php ] || cp $MISP_APP_CONFIG_PATH.dist/bootstrap.default.php $MISP_APP_CONFIG_PATH/bootstrap.php [ -f $MISP_APP_CONFIG_PATH/bootstrap.php ] || cp $MISP_APP_CONFIG_PATH.dist/bootstrap.default.php $MISP_APP_CONFIG_PATH/bootstrap.php
[ -f $MISP_APP_CONFIG_PATH/database.php ] || cp $MISP_APP_CONFIG_PATH.dist/database.default.php $MISP_APP_CONFIG_PATH/database.php [ -f $MISP_APP_CONFIG_PATH/database.php ] || cp $MISP_APP_CONFIG_PATH.dist/database.default.php $MISP_APP_CONFIG_PATH/database.php
@ -60,13 +61,13 @@ init_misp_data_files(){
[ -f $MISP_APP_CONFIG_PATH/email.php ] || cp $MISP_APP_CONFIG_PATH.dist/email.php $MISP_APP_CONFIG_PATH/email.php [ -f $MISP_APP_CONFIG_PATH/email.php ] || cp $MISP_APP_CONFIG_PATH.dist/email.php $MISP_APP_CONFIG_PATH/email.php
[ -f $MISP_APP_CONFIG_PATH/routes.php ] || cp $MISP_APP_CONFIG_PATH.dist/routes.php $MISP_APP_CONFIG_PATH/routes.php [ -f $MISP_APP_CONFIG_PATH/routes.php ] || cp $MISP_APP_CONFIG_PATH.dist/routes.php $MISP_APP_CONFIG_PATH/routes.php
echo "... initializing database.php settings" echo "... initialize database.php settings"
sed -i "s/localhost/$MYSQL_HOST/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/localhost/$MYSQL_HOST/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/db\s*login/$MYSQL_USER/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/db\s*login/$MYSQL_USER/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/db\s*password/$MYSQL_PASSWORD/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/db\s*password/$MYSQL_PASSWORD/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/'database' => 'misp'/'database' => '$MYSQL_DATABASE'/" $MISP_APP_CONFIG_PATH/database.php sed -i "s/'database' => 'misp'/'database' => '$MYSQL_DATABASE'/" $MISP_APP_CONFIG_PATH/database.php
echo "... initializing email.php settings" echo "... initialize email.php settings"
chmod +w $MISP_APP_CONFIG_PATH/email.php chmod +w $MISP_APP_CONFIG_PATH/email.php
tee $MISP_APP_CONFIG_PATH/email.php > /dev/null <<EOT tee $MISP_APP_CONFIG_PATH/email.php > /dev/null <<EOT
<?php <?php
@ -120,7 +121,7 @@ EOT
chmod -w $MISP_APP_CONFIG_PATH/email.php chmod -w $MISP_APP_CONFIG_PATH/email.php
# Init files (shared with host) # Init files (shared with host)
echo "... initializing app files" echo "... initialize app files"
MISP_APP_FILES_PATH=/var/www/MISP/app/files MISP_APP_FILES_PATH=/var/www/MISP/app/files
if [ ! -f ${MISP_APP_FILES_PATH}/INIT ]; then if [ ! -f ${MISP_APP_FILES_PATH}/INIT ]; then
cp -R ${MISP_APP_FILES_PATH}.dist/* ${MISP_APP_FILES_PATH} cp -R ${MISP_APP_FILES_PATH}.dist/* ${MISP_APP_FILES_PATH}
@ -225,16 +226,16 @@ nginx -g 'daemon off;' & master_pid=$!
# Initialize MISP # Initialize MISP
echo "INIT | Initialize MISP files and configurations ..." && init_misp_data_files echo "INIT | Initialize MISP files and configurations ..." && init_misp_data_files
echo "INIT | Updating MISP app/files directory ..." && update_misp_data_files echo "INIT | Update MISP app/files directory ..." && update_misp_data_files
echo "INIT | Enforce MISP permissions ..." && enforce_misp_data_permissions echo "INIT | Enforce MISP permissions ..." && enforce_misp_data_permissions
echo "INIT | Flipping NGINX live ..." && flip_nginx true true echo "INIT | Flip NGINX live ..." && flip_nginx true true
# Run configure MISP script # Run configure MISP script
echo "INIT | Configuring MISP installation ..." echo "INIT | Configure MISP installation ..."
/configure_misp.sh /configure_misp.sh
if [[ -x /custom/files/customize_misp.sh ]]; then if [[ -x /custom/files/customize_misp.sh ]]; then
echo "INIT | Customizing MISP installation ..." echo "INIT | Customize MISP installation ..."
/custom/files/customize_misp.sh /custom/files/customize_misp.sh
fi fi

4
template.env
View File

@ -16,6 +16,10 @@ ADMIN_KEY=
ADMIN_PASSWORD= ADMIN_PASSWORD=
# default to 'passphrase' # default to 'passphrase'
GPG_PASSPHRASE= GPG_PASSPHRASE=
# default to 1 (the admin user)
CRON_USER_ID=
# default to 'https://localhost'
HOSTNAME=
# optional and used by the mail sub-system # optional and used by the mail sub-system
SMARTHOST_ADDRESS= SMARTHOST_ADDRESS=